From e36cac679417415a44dbe803e87a12dc9df19186 Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Thu, 16 Oct 2014 03:31:27 +0000
Subject: [PATCH] Check that search value is scalar before parsing.

Prevents PHP notices when non-scalar values are passed. Includes unit tests. Props tivnet. Fixes #29736.

git-svn-id: https://develop.svn.wordpress.org/trunk@29912 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/query.php | 3 +-
 tests/phpunit/tests/query/parseQuery.php | 54 ++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 tests/phpunit/tests/query/parseQuery.php

diff --git a/src/wp-includes/query.php b/src/wp-includes/query.php
index 54f30873a6..1334272911 100644
--- a/src/wp-includes/query.php
+++ b/src/wp-includes/query.php
@@ -1574,8 +1574,9 @@ class WP_Query {
  if ( '' !== $qv['menu_order'] ) $qv['menu_order'] = absint($qv['menu_order']);
 
  // Fairly insane upper bound for search string lengths.
- if ( ! empty( $qv['s'] ) && strlen( $qv['s'] ) > 1600 )
+ if ( ! is_scalar( $qv['s'] ) || ( ! empty( $qv['s'] ) && strlen( $qv['s'] ) > 1600 ) ) {
  $qv['s'] = '';
+ }
 
  // Compat. Map subpost to attachment.
  if ( '' != $qv['subpost'] )
diff --git a/tests/phpunit/tests/query/parseQuery.php b/tests/phpunit/tests/query/parseQuery.php
new file mode 100644
index 0000000000..c4cb1dd16b
--- /dev/null
+++ b/tests/phpunit/tests/query/parseQuery.php
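Review bot: The comment kept above the changed condition in src/wp-includes/query.php, `// Fairly insane upper bound for search string lengths.`, now describes only the second half of the `if`; the new `! is_scalar( $qv['s'] )` test that discards arrays and other non-scalars is undocumented. I would reword it to `// Discard non-scalar search values (e.g. an array) and apply a fairly insane upper bound on string length.` Note also that int, float and bool values pass `is_scalar()` and are left uncast, so the code after this hunk receives whatever scalar type was supplied; the added tests assert exactly that, so it looks intentional, but the comment should say so. The enclosing method starts and ends outside the hunk.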
@@ -0,0 +1,54 @@
+parse_query( array(
+ 's' => array( 'foo' ),
+ ) );
+
+ $this->assertSame( '', $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_string() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 'foo',
+ ) );
+
+ $this->assertSame( 'foo', $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_float() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 3.5,
+ ) );
+
+ $this->assertSame( 3.5, $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_int() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 3,
+ ) );
+
+ $this->assertSame( 3, $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_bool() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => true,
+ ) );
+
+ $this->assertSame( true, $q->query_vars['s'] );
+ }
+}
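Review bot: None of the added tests in tests/phpunit/tests/query/parseQuery.php exercises the length bound that shares the rewritten condition in query.php, so a regression in the `strlen( $qv['s'] ) > 1600` branch would pass this file unnoticed. A case with a 1601-byte string that expects `''` would pin that half of the `if`. The bool test covers only `true`; `false` and `null` take different paths through `empty()` and `is_scalar()` and are untested as well. The opening of the file (class header and the first test's signature) is not visible in this view, so the method below is meant to sit alongside the existing tests.

```php
	public function test_parse_query_s_too_long() {
		$q = new WP_Query();
		$q->parse_query( array(
			's' => str_repeat( 'a', 1601 ),
		) );

		$this->assertSame( '', $q->query_vars['s'] );
	}
```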