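diff --git src/wp-includes/query.php src/wp-includes/query.php
index c5c1ae6..bb4e426 100644
--- a/src/wp-includes/query.php
+++ b/src/wp-includes/query.php
@@ -1595,7 +1595,13 @@ class WP_Query {
 if ( ! empty($qv['robots']) )
 $this->is_robots = true;
 
-$qv['p'] = absint($qv['p']);
+if ( is_object( $qv['p'] ) || ! is_scalar( $qv['p'] ) || $qv['p'] < 0 ) {
+$qv['p'] = 0;
+$qv['error'] = '404';
+} else {
+$qv['p'] = intval( $qv['p'] );
+}
+
 $qv['page_id'] = absint($qv['page_id']);
 $qv['year'] = absint($qv['year']);
 $qv['monthnum'] = absint($qv['monthnum']);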
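Review bot: The `is_object( $qv['p'] )` test in the new condition is redundant, because `! is_scalar( $qv['p'] )` is already true for objects, arrays and resources; the guard can be `if ( ! is_scalar( $qv['p'] ) || $qv['p'] < 0 ) {`. Note that `is_scalar( null )` is also false, so a `p` that reaches this line as null now produces a 404 where `absint()` gave 0; whether earlier code in the method replaces null with an empty string is not visible in this hunk and is worth confirming. A short comment above the branch, such as `// Reject negative or non-scalar post IDs instead of coercing them to a valid ID.`, would record why `p` is treated differently from `page_id`, `year` and `monthnum`, which still go through `absint()` below. The enclosing method starts and ends outside the hunk.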
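diff --git tests/phpunit/tests/query/parseQuery.php tests/phpunit/tests/query/parseQuery.php
index c4cb1dd..8a8bfd6 100644
--- a/tests/phpunit/tests/query/parseQuery.php
+++ b/tests/phpunit/tests/query/parseQuery.php
@@ -51,4 +51,42 @@ class Tests_Query_ParseQuery extends WP_UnitTestCase {
 
 $this->assertSame( true, $q->query_vars['s'] );
 }
+
+/**
+* @ticket 33372
+*/
+public function test_parse_query_p_negative_int() {
+$q = new WP_Query();
+$q->parse_query( array(
+'p' => -3,
+) );
+
+$this->assertSame( -3, $q->query_vars['p'] );
+$this->assertSame( '404', $q->query_vars['error'] );
+}
+
+/**
+* @ticket 33372
+*/
+public function test_parse_query_p_array() {
+$q = new WP_Query();
+$q->parse_query( array(
+'p' => array(),
+) );
+
+$this->assertSame( '404', $q->query_vars['error'] );
+}
+
+/**
+* @ticket 33372
+*/
+public function test_parse_query_p_object() {
+$q = new WP_Query();
+$q->parse_query( array(
+'p' => new stdClass(),
+) );
+
+$this->assertSame( '404', $q->query_vars['error'] );
+}
+
 }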
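Review bot: `test_parse_query_p_negative_int` asserts `$this->assertSame( -3, $q->query_vars['p'] );`, but the patched branch in query.php sets `$qv['p'] = 0` for negative input, so the test and the code disagree. This assumes `$qv` is the same array as `query_vars`, which is not visible on this page. If the intent is that a rejected ID is normalised, the assertion should be `$this->assertSame( 0, $q->query_vars['p'] );`. The array and object tests check only the `error` value; adding the same `assertSame( 0, ... )` line to each would pin that a non-scalar `p` never survives `parse_query()` as anything other than an integer.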