Make WordPress Core


Timestamp:
08/26/2016 07:08:23 PM (8 years ago)
Author:
boonebgorges
Message:

Don't improperly cast IDs when fetching post, user, or term objects.

Blindly casting passed IDs to integers can generate false positives
when the ID is cast to 1.

Props deeptiboddapati.
Fixes #37738.

File:
1 edited

  • trunk/src/wp-includes/class-wp-comment.php

    r36332 r38381  
    192192        global $wpdb;
    193193
     194        if ( ! is_numeric( $id ) || $id != floor( $id ) || ! $id ) {
     195            return false;
     196        }
     197
    194198        $comment_id = (int) $id;
    195         if ( ! $comment_id ) {
    196             return false;
    197         }
    198199
    199200        $_comment = wp_cache_get( $comment_id, 'comment' );
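Review bot: The guard added at new line 194, `! is_numeric( $id ) || $id != floor( $id ) || ! $id`, still lets through values that are not plain positive integer IDs. `is_numeric()` accepts negative numbers, floats with a zero fraction such as `'1.0'`, and exponent strings such as `'1e3'`; each of these passes the `floor()` comparison and reaches `(int) $id`, and how `(int)` converts an exponent string depends on the PHP version. Consider also requiring `$id > 0` (or accepting only integers and digit-only strings), and add unit tests covering `'1abc'`, `'1.5'`, `'-1'` and `'1e3'` so the intended boundary is pinned down. Separately, the commit message names post, user and term objects, while the only file in this changeset is class-wp-comment.php, so the message and the change should be brought in line.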