Make WordPress Core

Changeset 41786


Ignore:
Timestamp:
10/06/2017 11:28:38 PM (7 years ago)
Author:
SergeyBiryukov
Message:

Rewrite: In url_to_postid(), bail early if the URL does not belong to the site.

Props ivankristianto, swissspidy, jkhongusc, SergeyBiryukov.
Fixes #39373.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rewrite.php

    r37544 r41786  
    472472    $url = apply_filters( 'url_to_postid', $url );
    473473
     474    $url_host      = str_replace( 'www.', '', parse_url( $url, PHP_URL_HOST ) );
     475    $home_url_host = str_replace( 'www.', '', parse_url( home_url(), PHP_URL_HOST ) );
     476
     477    // Bail early if the URL does not belong to this site.
     478    if ( $url_host && $url_host !== $home_url_host ) {
     479        return 0;
     480    }
     481
    474482    // First, check to see if there is a 'p=N' or 'page_id=N' to match against
    475483    if ( preg_match('#[?&](p|page_id|attachment_id)=(\d+)#', $url, $values) )   {
  • trunk/tests/phpunit/tests/rewrite.php

    r40564 r41786  
    361361
    362362    /**
     363     * @ticket 39373
     364     */
     365    public function test_url_to_postid_should_bail_when_host_does_not_match() {
     366        $this->set_permalink_structure( '/%postname%/' );
     367
     368        $post_id = self::factory()->post->create( array( 'post_name' => 'foo-bar-baz' ) );
     369        $permalink = get_permalink( $post_id );
     370        $url = str_replace( home_url(), 'http://some-other-domain.com', get_permalink( $post_id ) );
     371
     372        $this->assertSame( $post_id, url_to_postid( $permalink ) );
     373        $this->assertSame( 0, url_to_postid( $url ) );
     374    }
     375
     376    /**
    363377     * @ticket 21970
    364378     */
Note: See TracChangeset for help on using the changeset viewer.