Changeset 23740

Timestamp:

03/18/2013 02:33:09 PM (12 years ago)

Author:

ryan

Message:

Bail early with correct WP_Error when an invalid post ID is passed to wp_insert_post() and wp_update_post().

Props simonwheatley
fixes #23474

File:

• trunk/wp-includes/post.php (modified) (3 diffs)

trunk/wp-includes/post.php

@@ -2636 +2636 @@
 
     // Are we updating or creating?
+    $post_ID = 0;
     $update = false;
-    if ( !empty($ID) ) {
+    if ( ! empty( $ID ) ) {
         $update = true;
+
+        // Get the post ID and GUID
+        $post_ID = $ID;
+        $post_before = get_post( $post_ID );
+        if ( is_null( $post_before ) ) {
+            if ( $wp_error )
+                return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
+            return 0;
+        }
+
+        $guid = get_post_field( 'guid', $post_ID );
         $previous_status = get_post_field('post_status', $ID);
     } else {
@@ -2673 +2685 @@
     if ( empty($post_author) )
         $post_author = $user_ID;
-
-    $post_ID = 0;
-
-    // Get the post ID and GUID
-    if ( $update ) {
-        $post_ID = (int) $ID;
-        $guid = get_post_field( 'guid', $post_ID );
-        $post_before = get_post($post_ID);
-    }
 
     // Don't allow contributors to set the post slug for pending review posts
@@ -2894 +2897 @@
     // First, get all of the original fields
     $post = get_post($postarr['ID'], ARRAY_A);
+
+    if ( is_null( $post ) ) {
+        if ( $wp_error )
+            return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
+        return 0;
+    }
 
     // Escape data pulled from DB.