From 0809037f614c8dbd509099663bc9082a4140cfa5 Mon Sep 17 00:00:00 2001
From: Boone Gorges <boonebgorges@git.wordpress.org>
Date: Tue, 23 Feb 2016 02:20:28 +0000
Subject: [PATCH] Query: `is_*( $int )` should not falsely match strings
 starting with "$int".

Another chapter in the Storied Annals of Weird `in_array()` Behavior:
`in_array( 4, array( "4-cool-dudes" ) );` resolves to `true`, such that
`is_page( 4 )` was returning true for posts with the name `'4-cool-dudes'`.

We work around this behavior by ensuring that values passed to the `is_`
methods are cast to strings before the `in_array()` checks. ID checks still
work as expected; see #24674.

Props mikejolley, swissspidy, boonebgorges.
Fixes #35902.

git-svn-id: https://develop.svn.wordpress.org/trunk@36625 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/query.php                  |  12 +-
 tests/phpunit/tests/query/conditionals.php | 248 +++++++++++++++++++++
 2 files changed, 254 insertions(+), 6 deletions(-)

diff --git a/src/wp-includes/query.php b/src/wp-includes/query.php
index 053f4e95c5..70d02378d9 100644
--- a/src/wp-includes/query.php
+++ b/src/wp-includes/query.php
@@ -4202,7 +4202,7 @@ class WP_Query {
 			return true;
 		}
 
-		$attachment = (array) $attachment;
+		$attachment = array_map( 'strval', (array) $attachment );
 
 		$post_obj = $this->get_queried_object();
 
@@ -4236,7 +4236,7 @@ class WP_Query {
 
 		$author_obj = $this->get_queried_object();
 
-		$author = (array) $author;
+		$author = array_map( 'strval', (array) $author );
 
 		if ( in_array( (string) $author_obj->ID, $author ) )
 			return true;
@@ -4268,7 +4268,7 @@ class WP_Query {
 
 		$cat_obj = $this->get_queried_object();
 
-		$category = (array) $category;
+		$category = array_map( 'strval', (array) $category );
 
 		if ( in_array( (string) $cat_obj->term_id, $category ) )
 			return true;
@@ -4300,7 +4300,7 @@ class WP_Query {
 
 		$tag_obj = $this->get_queried_object();
 
-		$tag = (array) $tag;
+		$tag = array_map( 'strval', (array) $tag );
 
 		if ( in_array( (string) $tag_obj->term_id, $tag ) )
 			return true;
@@ -4502,7 +4502,7 @@ class WP_Query {
 
 		$page_obj = $this->get_queried_object();
 
-		$page = (array) $page;
+		$page = array_map( 'strval', (array) $page );
 
 		if ( in_array( (string) $page_obj->ID, $page ) ) {
 			return true;
@@ -4595,7 +4595,7 @@ class WP_Query {
 
 		$post_obj = $this->get_queried_object();
 
-		$post = (array) $post;
+		$post = array_map( 'strval', (array) $post );
 
 		if ( in_array( (string) $post_obj->ID, $post ) ) {
 			return true;
diff --git a/tests/phpunit/tests/query/conditionals.php b/tests/phpunit/tests/query/conditionals.php
index a1f3665486..7606dba9c4 100644
--- a/tests/phpunit/tests/query/conditionals.php
+++ b/tests/phpunit/tests/query/conditionals.php
@@ -1017,4 +1017,252 @@ class Tests_Query_Conditionals extends WP_UnitTestCase {
 		$this->assertFalse( is_page_template( array( 'test.php' ) ) );
 		$this->assertTrue( is_page_template( array('test.php', 'example.php') ) );
 	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_attachment_should_not_match_numeric_id_to_post_title_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'attachment',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'attachment',
+			'post_title' => "$p1 Foo",
+			'post_name' => 'foo-2',
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_attachment( $p2 ) );
+		$this->assertFalse( is_attachment( $p1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_attachment_should_not_match_numeric_id_to_post_name_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'attachment',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'attachment',
+			'post_title' => 'Foo',
+			'post_name' => "$p1-foo",
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_attachment( $p2 ) );
+		$this->assertFalse( is_attachment( $p1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_author_should_not_match_numeric_id_to_nickname_beginning_with_id() {
+		$u1 = self::factory()->user->create( array(
+			'nickname' => 'Foo',
+			'user_nicename' => 'foo',
+		) );
+		$u2 = self::factory()->user->create( array(
+			'nickname' => "$u1 Foo",
+			'user_nicename' => 'foo-2',
+		) );
+
+		$this->go_to( get_author_posts_url( $u2 ) );
+
+		$this->assertTrue( is_author( $u2 ) );
+		$this->assertFalse( is_author( $u1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_author_should_not_match_numeric_id_to_user_nicename_beginning_with_id() {
+		$u1 = self::factory()->user->create( array(
+			'nickname' => 'Foo',
+			'user_nicename' => 'foo',
+		) );
+		$u2 = self::factory()->user->create( array(
+			'nickname' => 'Foo',
+			'user_nicename' => "$u1-foo",
+		) );
+
+		$this->go_to( get_author_posts_url( $u2 ) );
+
+		$this->assertTrue( is_author( $u2 ) );
+		$this->assertFalse( is_author( $u1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_category_should_not_match_numeric_id_to_name_beginning_with_id() {
+		$t1 = self::factory()->term->create( array(
+			'taxonomy' => 'category',
+			'slug' => 'foo',
+			'name' => 'foo',
+		) );
+		$t2 = self::factory()->term->create( array(
+			'taxonomy' => 'category',
+			'slug' => "$t1-foo",
+			'name' => 'foo 2',
+		) );
+
+		$this->go_to( get_term_link( $t2 ) );
+
+		$this->assertTrue( is_category( $t2 ) );
+		$this->assertFalse( is_category( $t1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_category_should_not_match_numeric_id_to_slug_beginning_with_id() {
+		$t1 = self::factory()->term->create( array(
+			'taxonomy' => 'category',
+			'slug' => 'foo',
+			'name' => 'foo',
+		) );
+		$t2 = self::factory()->term->create( array(
+			'taxonomy' => 'category',
+			'slug' => 'foo-2',
+			'name' => "$t1 foo",
+		) );
+
+		$this->go_to( get_term_link( $t2 ) );
+
+		$this->assertTrue( is_category( $t2 ) );
+		$this->assertFalse( is_category( $t1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_tag_should_not_match_numeric_id_to_name_beginning_with_id() {
+		$t1 = self::factory()->term->create( array(
+			'taxonomy' => 'post_tag',
+			'slug' => 'foo',
+			'name' => 'foo',
+		) );
+		$t2 = self::factory()->term->create( array(
+			'taxonomy' => 'post_tag',
+			'slug' => "$t1-foo",
+			'name' => 'foo 2',
+		) );
+
+		$this->go_to( get_term_link( $t2 ) );
+
+		$this->assertTrue( is_tag( $t2 ) );
+		$this->assertFalse( is_tag( $t1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_tag_should_not_match_numeric_id_to_slug_beginning_with_id() {
+		$t1 = self::factory()->term->create( array(
+			'taxonomy' => 'post_tag',
+			'slug' => 'foo',
+			'name' => 'foo',
+		) );
+		$t2 = self::factory()->term->create( array(
+			'taxonomy' => 'post_tag',
+			'slug' => 'foo-2',
+			'name' => "$t1 foo",
+		) );
+
+		$this->go_to( get_term_link( $t2 ) );
+
+		$this->assertTrue( is_tag( $t2 ) );
+		$this->assertFalse( is_tag( $t1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_page_should_not_match_numeric_id_to_post_title_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'page',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'page',
+			'post_title' => "$p1 Foo",
+			'post_name' => 'foo-2',
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_page( $p2 ) );
+		$this->assertFalse( is_page( $p1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_page_should_not_match_numeric_id_to_post_name_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'page',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'page',
+			'post_title' => 'Foo',
+			'post_name' => "$p1-foo",
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_page( $p2 ) );
+		$this->assertFalse( is_page( $p1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_single_should_not_match_numeric_id_to_post_title_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'post',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'post',
+			'post_title' => "$p1 Foo",
+			'post_name' => 'foo-2',
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_single( $p2 ) );
+		$this->assertFalse( is_single( $p1 ) );
+	}
+
+	/**
+	 * @ticket 35902
+	 */
+	public function test_is_single_should_not_match_numeric_id_to_post_name_beginning_with_id() {
+		$p1 = self::factory()->post->create( array(
+			'post_type' => 'post',
+			'post_title' => 'Foo',
+			'post_name' => 'foo',
+		) );
+		$p2 = self::factory()->post->create( array(
+			'post_type' => 'post',
+			'post_title' => 'Foo',
+			'post_name' => "$p1-foo",
+		) );
+
+		$this->go_to( get_permalink( $p2 ) );
+
+		$this->assertTrue( is_single( $p2 ) );
+		$this->assertFalse( is_single( $p1 ) );
+	}
 }