Make WordPress Core

Changeset 25138


Ignore:
Timestamp:
08/27/2013 03:19:54 PM (11 years ago)
Author:
nacin
Message:

Don't cast the 'm' query variable to an integer as the value can exceed the range of a 32-bit signed integer.

props Viper007Bond.
fixes #24884.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/query.php

    r25110 r25138  
    14461446        $qv['day'] = absint($qv['day']);
    14471447        $qv['w'] = absint($qv['w']);
    1448         $qv['m'] = absint($qv['m']);
     1448        $qv['m'] = preg_replace( '|[^0-9]|', '', $qv['m'] );
    14491449        $qv['paged'] = absint($qv['paged']);
    14501450        $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
     
    20482048        // If a month is specified in the querystring, load that month
    20492049        if ( $q['m'] ) {
    2050             $q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
    20512050            $where .= " AND YEAR($wpdb->posts.post_date)=" . substr($q['m'], 0, 4);
    20522051            if ( strlen($q['m']) > 5 )
Note: See TracChangeset for help on using the changeset viewer.