vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-14 09:34:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't improperly cast IDs when fetching post, user, or term objects.

Browse Source 
Blindly casting passed IDs to integers can generate false positives
when the ID is cast to `1`.

Props deeptiboddapati.
Fixes #37738.

git-svn-id: https://develop.svn.wordpress.org/trunk@38381 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Boone Gorges
2016-08-26 19:08:23 +00:00
parent 8b431f6859
commit 6eaa56f3d4
6 changed files with 325 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-includes/class-wp-post.php
View File

@@ -210,9 +210,11 @@ final class WP_Post {
public static function get_instance( $post_id ) {
global $wpdb;
$post_id = (int) $post_id;
if ( ! $post_id )
if ( ! is_numeric( $post_id ) || $post_id != floor( $post_id ) || ! $post_id ) {
return false;
}
$post_id = (int) $post_id;
$_post = wp_cache_get( $post_id, 'posts' );