Don't improperly cast IDs when fetching post, user, or term objects.

Blindly casting passed IDs to integers can generate false positives when the ID is cast to `1`. Props deeptiboddapati. Fixes #37738. git-svn-id: https://develop.svn.wordpress.org/trunk@38381 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2016-08-26 19:08:23 +00:00
parent 8b431f6859
commit 6eaa56f3d4
6 changed files with 325 additions and 6 deletions
--- a/src/wp-includes/class-wp-term.php
+++ b/src/wp-includes/class-wp-term.php
@@ -125,11 +125,12 @@ final class WP_Term {
 	public static function get_instance( $term_id, $taxonomy = null ) {
 		global $wpdb;

-		$term_id = (int) $term_id;
-		if ( ! $term_id ) {
+		if ( ! is_numeric( $term_id ) || $term_id != floor( $term_id ) || ! $term_id ) {
 			return false;
 		}

+		$term_id = (int) $term_id;
+
 		$_term = wp_cache_get( $term_id, 'terms' );

 		// If there isn't a cached version, hit the database.