Make WordPress Core

Changeset 38381


Timestamp: 08/26/2016 07:08:23 PM (8 years ago)
Author: boonebgorges
Message:

Don't improperly cast IDs when fetching post, user, or term objects.

Blindly casting passed IDs to integers can generate false positives
when the ID is cast to 1.

Props deeptiboddapati.
Fixes #37738.

Location: trunk
Files: 3 added, 3 edited

  • trunk/src/wp-includes/class-wp-comment.php

    r36332 r38381  
    192192        global $wpdb;
    193193
     194        if ( ! is_numeric( $id ) || $id != floor( $id ) || ! $id ) {
     195            return false;
     196        }
     197
    194198        $comment_id = (int) $id;
    195         if ( ! $comment_id ) {
    196             return false;
    197         }
    198199
    199200        $_comment = wp_cache_get( $comment_id, 'comment' );
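
Review bot: The guard added at line 194 still lets exponent-notation strings through. `is_numeric( '1e3' )` is true and `'1e3' != floor( '1e3' )` is false, so the value reaches `(int) $id`, which yields 1 on PHP versions before 7.1 and 1000 from 7.1 on. That is the same kind of false positive the commit message describes. Consider accepting only integers and digit-only strings before the cast, and adding a test case for an input such as `'1e3'`.
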
  • trunk/src/wp-includes/class-wp-post.php

    r35170 r38381  
    211211        global $wpdb;
    212212
     213        if ( ! is_numeric( $post_id ) || $post_id != floor( $post_id ) || ! $post_id ) {
     214            return false;
     215        }
     216
    213217        $post_id = (int) $post_id;
    214         if ( ! $post_id )
    215             return false;
    216218
    217219        $_post = wp_cache_get( $post_id, 'posts' );
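
Review bot: The three-part condition at line 213 has no comment, and its middle term `$post_id != floor( $post_id )` depends on loose comparison between a numeric string and a float, which is easy to misread or to "tidy" into `!==` later and break. Add a short comment above the `if` naming the inputs it is meant to reject (non-numeric values, fractional values such as `'1.5'`, and zero or empty values) so the intent survives future edits.
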
  • trunk/src/wp-includes/class-wp-term.php

    r38312 r38381  
    126126        global $wpdb;
    127127
     128        if ( ! is_numeric( $term_id ) || $term_id != floor( $term_id ) || ! $term_id ) {
     129            return false;
     130        }
     131
    128132        $term_id = (int) $term_id;
    129         if ( ! $term_id ) {
    130             return false;
    131         }
    132133
    133134        $_term = wp_cache_get( $term_id, 'terms' );
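
Review bot: The condition at line 128 is the third verbatim copy of the same validation (it also appears in class-wp-comment.php and class-wp-post.php with only the variable name changed). Moving it into one shared helper that returns the validated integer or false would keep the three `get_instance()` paths from drifting apart if the check is tightened later. Separately, the commit message names post, user, and term objects, while the edited files shown are the comment, post, and term classes; the message should match the files touched.
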