Changeset 38381 for trunk/src/wp-includes/class-wp-term.php

Timestamp:

08/26/2016 07:08:23 PM (10 years ago)

Author:

boonebgorges

Message:

Don't improperly cast IDs when fetching post, user, or term objects.

Blindly casting passed IDs to integers can generate false positives
when the ID is cast to 1.

Props deeptiboddapati.
Fixes #37738.

File:

• trunk/src/wp-includes/class-wp-term.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-term.php

@@ -126 +126 @@
         global $wpdb;
 
+        if ( ! is_numeric( $term_id ) || $term_id != floor( $term_id ) || ! $term_id ) {
+            return false;
+        }
+
         $term_id = (int) $term_id;
-        if ( ! $term_id ) {
-            return false;
-        }
 
         $_term = wp_cache_get( $term_id, 'terms' );