From 9f7fc54ca7c3540603a9182e18cabedb219f45b3 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Fri, 29 Dec 2023 13:52:57 +0000 Subject: [PATCH] Canonical: Check if the `author` parameter is a string in `redirect_canonical()`. This avoids a PHP warning or error when viewing an author on the front end, while an array is passed as `$_GET['author']`. Follow-up to [12034], [12040], [12202]. Props david.binda, antonvlasenko, azaozz, SergeyBiryukov. Fixes #60059. git-svn-id: https://develop.svn.wordpress.org/trunk@57232 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/canonical.php | 4 +++- tests/phpunit/tests/canonical.php | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 040567fd0e..0b94791fd9 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -316,7 +316,9 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $redirect['query'] = remove_query_arg( 'year', $redirect['query'] ); } } - } elseif ( is_author() && ! empty( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) { + } elseif ( is_author() && ! empty( $_GET['author'] ) + && is_string( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) + ) { $author = get_userdata( get_query_var( 'author' ) ); if ( false !== $author diff --git a/tests/phpunit/tests/canonical.php b/tests/phpunit/tests/canonical.php index 8bad744061..35bde13937 100644 --- a/tests/phpunit/tests/canonical.php +++ b/tests/phpunit/tests/canonical.php @@ -206,6 +206,7 @@ class Tests_Canonical extends WP_Canonical_UnitTestCase { array( '/?author=%d', '/author/canonical-author/' ), // array( '/?author=%d&year=2008', '/2008/?author=3'), // array( '/author/canonical-author/?year=2008', '/2008/?author=3'), // Either or, see previous testcase. + array( '/author/canonical-author/?author[1]=hello', '/author/canonical-author/?author[1]=hello', 60059 ), // Feeds. array( '/?feed=atom', '/feed/atom/' ),