Make WordPress Core


Timestamp: 08/20/2016 02:31:31 AM
Author: boonebgorges
Message:

Query: Non-scalar and negative values for 'p' should always result in a 404.

Previously, the 'p' query var was being run through absint(), which
caused unexpected results.

Props Akeif, kouratoras.
Fixes #33372.

File:
1 edited

  • trunk/src/wp-includes/query.php

    r38279 r38288  
    16031603            $this->is_robots = true;
    16041604
    1605         $qv['p'] =  absint($qv['p']);
     1605        if ( ! is_scalar( $qv['p'] ) || $qv['p'] < 0 ) {
     1606            $qv['p'] = 0;
     1607            $qv['error'] = '404';
     1608        } else {
     1609            $qv['p'] = intval( $qv['p'] );
     1610        }
     1611
    16061612        $qv['page_id'] =  absint($qv['page_id']);
    16071613        $qv['year'] = absint($qv['year']);
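
Review bot: The else branch at new line 1609 hands every non-negative scalar to intval(), so malformed values still get through without a 404. A non-numeric string such as 'abc' passes is_scalar(), does not compare as less than 0, and is coerced to p = 0 with no error set; '12abc' becomes 12 and boolean true becomes 1. If the goal is that bad 'p' values always 404, either reject non-numeric strings explicitly (taking care with whatever empty default 'p' carries) or add a comment stating that they are intentionally coerced. This changeset edits query.php only, so a unit test covering array, negative and non-numeric-string inputs would pin the behaviour down.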