Make WordPress Core


Timestamp:
08/26/2016 07:08:23 PM (8 years ago)
Author:
boonebgorges
Message:

Don't improperly cast IDs when fetching post, user, or term objects.

Blindly casting passed IDs to integers can generate false positives
when the ID is cast to 1.

Props deeptiboddapati.
Fixes #37738.

File:
1 edited

  • trunk/src/wp-includes/class-wp-post.php

    r35170 r38381  
    211211        global $wpdb;
    212212
     213        if ( ! is_numeric( $post_id ) || $post_id != floor( $post_id ) || ! $post_id ) {
     214            return false;
     215        }
     216
    213217        $post_id = (int) $post_id;
    214         if ( ! $post_id )
    215             return false;
    216218
    217219        $_post = wp_cache_get( $post_id, 'posts' );
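
Review bot: The new guard at line 213 relies on `is_numeric( $post_id )`, which also accepts decimal and exponent strings such as "1.0" or "1e3"; both pass the `$post_id != floor( $post_id )` comparison and still reach the `(int) $post_id` cast on line 217. On PHP versions before 7.1, `(int) "1e3"` evaluates to 1, which is the same cast-to-1 false positive the commit message describes. Consider accepting only integers or digit-only strings here, and add a one-line comment above the condition stating which input forms are meant to be valid, since the three-part condition is not self-explanatory. The trailing `! $post_id` also makes the removed `if ( ! $post_id ) return false;` check redundant only because of evaluation order, which is worth noting in that comment.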