From 3e866f8b8fe934e4c2b3c340850718af8a614d49 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Sun, 7 Aug 2022 23:03:57 +0000 Subject: [PATCH] Rewrite rules: Prevent malformed date requests throwing notices. Ensure that date queries contain each component before attempting to use them. This prevents http requests triggering notices if a portion of the date is missing. For example a request containing a day and year but no month, a request containing a month bu not year. Props ovidiul, dd32, peterwilsoncc, costdev, johnbillion, SergeyBiryukov, desrosj, tremidkhar, hellofromTonya. Fixes #52252. git-svn-id: https://develop.svn.wordpress.org/trunk@53857 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/rewrite.php | 5 ++- tests/phpunit/tests/query.php | 67 +++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/rewrite.php b/src/wp-includes/rewrite.php index ab23a1887c..af66d02b94 100644 --- a/src/wp-includes/rewrite.php +++ b/src/wp-includes/rewrite.php @@ -410,7 +410,10 @@ function wp_resolve_numeric_slug_conflicts( $query_vars = array() ) { } // This is the potentially clashing slug. - $value = $query_vars[ $compare ]; + $value = ''; + if ( $compare && array_key_exists( $compare, $query_vars ) ) { + $value = $query_vars[ $compare ]; + } $post = get_page_by_path( $value, OBJECT, 'post' ); if ( ! ( $post instanceof WP_Post ) ) { diff --git a/tests/phpunit/tests/query.php b/tests/phpunit/tests/query.php index 9a8a9b3ffd..8c9d18b520 100644 --- a/tests/phpunit/tests/query.php +++ b/tests/phpunit/tests/query.php @@ -2,6 +2,13 @@ class Tests_Query extends WP_UnitTestCase { + /** + * Fixed date post ID. + * + * @var int + */ + public static $post_with_date; + public function set_up() { parent::set_up(); @@ -9,6 +16,15 @@ class Tests_Query extends WP_UnitTestCase { create_initial_taxonomies(); } + public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) { + self::$post_with_date = $factory->post->create( + array( + 'post_date' => '2020-01-05 12:00:00', + 'post_name' => 'post-with-date', + ) + ); + } + /** * @ticket 24785 */ @@ -697,6 +713,57 @@ class Tests_Query extends WP_UnitTestCase { $this->assertSame( 'term1', get_query_var( 'term' ) ); } + /** + * @ticket 52252 + * @dataProvider data_malformed_date_queries + * + * @param string $permalink_structure Permalink structure. + * @param array $query_vars Querystring parameteres. + */ + public function test_malformed_date_queries( $permalink_structure, $query_vars ) { + $this->set_permalink_structure( $permalink_structure ); + $this->go_to( add_query_arg( $query_vars, home_url() ) ); + + /* + * Ticket 52252 was to prevent notices from being thrown + * if the date query is malformed. + * + * The test will automatically fail if the function triggers a notice, + * so this dummy assertion is just for accurate stats. + */ + $this->assertTrue( true ); + } + + /** + * Data provider for test_malformed_date_queries. + * + * @return array Test data. + */ + public function data_malformed_date_queries() { + return array( + '/%postname%/ with missing year' => array( + '/%postname%/', + array( + 'monthnum' => 1, + 'day' => 15, + ), + ), + '/%postname%/ with month only' => array( + '/%postname%/', + array( + 'monthnum' => 1, + ), + ), + '/%year%/%postname%/ with missing month' => array( + '/%year%/%postname%/', + array( + 'year' => 2020, + 'day' => 15, + ), + ), + ); + } + /** * @ticket 55100 */