From 5cf0bc9be010fccf9503c63df79424316afe1571 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Mon, 18 Mar 2013 14:33:09 +0000
Subject: [PATCH] Bail early with correct WP_Error when an invalid post ID is passed to wp_insert_post() and wp_update_post().
Props simonwheatley fixes #23474
git-svn-id: https://develop.svn.wordpress.org/trunk@23740 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/post.php | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/wp-includes/post.php b/wp-includes/post.php
index d32a1cd4ad..cc80dcee4f 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2635,9 +2635,21 @@ function wp_insert_post($postarr, $wp_error = false) {
 extract($postarr, EXTR_SKIP);
 // Are we updating or creating?
+ $post_ID = 0;
 $update = false;
- if ( !empty($ID) ) {
+ if ( ! empty( $ID ) ) {
 $update = true;
+
+ // Get the post ID and GUID
+ $post_ID = $ID;
+ $post_before = get_post( $post_ID );
+ if ( is_null( $post_before ) ) {
+ if ( $wp_error )
+ return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
+ return 0;
+ }
+
+ $guid = get_post_field( 'guid', $post_ID );
 $previous_status = get_post_field('post_status', $ID);
 } else {
 $previous_status = 'new';
@@ -2673,15 +2685,6 @@ function wp_insert_post($postarr, $wp_error = false) {
 if ( empty($post_author) )
 $post_author = $user_ID;
- $post_ID = 0;
-
- // Get the post ID and GUID
- if ( $update ) {
- $post_ID = (int) $ID;
- $guid = get_post_field( 'guid', $post_ID );
- $post_before = get_post($post_ID);
- }
-
- // Don't allow contributors to set the post slug for pending review posts
 if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )
 $post_name = '';
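Review bot: The added `$post_ID = $ID;` in the first wp_insert_post() hunk (@@ -2635) drops the `(int)` cast that the removed `$post_ID = (int) $ID;` in the @@ -2673 hunk applied. `$ID` comes out of `extract($postarr, EXTR_SKIP)`, so it is whatever the caller placed in the array, and the uncast value is now what get_post(), get_post_field() and, presumably, the later database write outside this hunk receive. Keeping the cast, `$post_ID = (int) $ID;`, and passing `$post_ID` rather than `$ID` to the `$previous_status` lookup would leave a single normalised integer ID on every path. The function body starts and ends outside the hunk.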
@@ -2894,6 +2897,12 @@ function wp_update_post( $postarr = array(), $wp_error = false ) {
 // First, get all of the original fields
 $post = get_post($postarr['ID'], ARRAY_A);
+ if ( is_null( $post ) ) {
+ if ( $wp_error )
+ return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
+ return 0;
+ }
+
+ // Escape data pulled from DB.
 $post = wp_slash($post);
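Review bot: `$postarr['ID']` is still read with no check that the key is present, although the signature in the hunk header defaults `$postarr` to an empty array, and the new is_null() guard only runs after get_post() has already been called. As far as I know get_post() falls back to the global post when given an empty argument, so a call without an ID may pass the guard and go on to update whichever post is current instead of returning `invalid_post`; that is worth confirming against get_post(). A guard ahead of the lookup, `if ( empty( $postarr['ID'] ) ) return $wp_error ? new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) ) : 0;`, would cover that case. The function body starts and ends outside the hunk.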