WordPress.org

Make WordPress Core

Changeset 41786


Ignore:
Timestamp:
10/06/17 23:28:38 (11 days ago)
Author:
SergeyBiryukov
Message:

Rewrite: In url_to_postid(), bail early if the URL does not belong to the site.

Props ivankristianto, swissspidy, jkhongusc, SergeyBiryukov.
Fixes #39373.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rewrite.php

    r37544 r41786  
    472472    $url = apply_filters( 'url_to_postid', $url ); 
    473473 
     474    $url_host      = str_replace( 'www.', '', parse_url( $url, PHP_URL_HOST ) ); 
     475    $home_url_host = str_replace( 'www.', '', parse_url( home_url(), PHP_URL_HOST ) ); 
     476 
     477    // Bail early if the URL does not belong to this site. 
     478    if ( $url_host && $url_host !== $home_url_host ) { 
     479        return 0; 
     480    } 
     481 
    474482    // First, check to see if there is a 'p=N' or 'page_id=N' to match against 
    475483    if ( preg_match('#[?&](p|page_id|attachment_id)=(\d+)#', $url, $values) )   { 
  • trunk/tests/phpunit/tests/rewrite.php

    r40564 r41786  
    361361 
    362362    /** 
     363     * @ticket 39373 
     364     */ 
     365    public function test_url_to_postid_should_bail_when_host_does_not_match() { 
     366        $this->set_permalink_structure( '/%postname%/' ); 
     367 
     368        $post_id = self::factory()->post->create( array( 'post_name' => 'foo-bar-baz' ) ); 
     369        $permalink = get_permalink( $post_id ); 
     370        $url = str_replace( home_url(), 'http://some-other-domain.com', get_permalink( $post_id ) ); 
     371 
     372        $this->assertSame( $post_id, url_to_postid( $permalink ) ); 
     373        $this->assertSame( 0, url_to_postid( $url ) ); 
     374    } 
     375 
     376    /** 
    363377     * @ticket 21970 
    364378     */ 
Note: See TracChangeset for help on using the changeset viewer.