Make WordPress Core

Changeset 53857


Ignore:
Timestamp:
08/07/2022 11:03:57 PM (2 years ago)
Author:
peterwilsoncc
Message:

Rewrite rules: Prevent malformed date requests throwing notices.

Ensure that date queries contain each component before attempting to use them. This prevents http requests triggering notices if a portion of the date is missing. For example a request containing a day and year but no month, a request containing a month bu not year.

Props ovidiul, dd32, peterwilsoncc, costdev, johnbillion, SergeyBiryukov, desrosj, tremidkhar, hellofromTonya.
Fixes #52252.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rewrite.php

    r52994 r53857  
    411411
    412412    // This is the potentially clashing slug.
    413     $value = $query_vars[ $compare ];
     413    $value = '';
     414    if ( $compare && array_key_exists( $compare, $query_vars ) ) {
     415        $value = $query_vars[ $compare ];
     416    }
    414417
    415418    $post = get_page_by_path( $value, OBJECT, 'post' );
  • trunk/tests/phpunit/tests/query.php

    r53483 r53857  
    22
    33class Tests_Query extends WP_UnitTestCase {
     4
     5    /**
     6     * Fixed date post ID.
     7     *
     8     * @var int
     9     */
     10    public static $post_with_date;
    411
    512    public function set_up() {
     
    815        $this->set_permalink_structure( '/%year%/%monthnum%/%day%/%postname%/' );
    916        create_initial_taxonomies();
     17    }
     18
     19    public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
     20        self::$post_with_date = $factory->post->create(
     21            array(
     22                'post_date' => '2020-01-05 12:00:00',
     23                'post_name' => 'post-with-date',
     24            )
     25        );
    1026    }
    1127
     
    699715
    700716    /**
     717     * @ticket 52252
     718     * @dataProvider data_malformed_date_queries
     719     *
     720     * @param string $permalink_structure Permalink structure.
     721     * @param array $query_vars Querystring parameteres.
     722     */
     723    public function test_malformed_date_queries( $permalink_structure, $query_vars ) {
     724        $this->set_permalink_structure( $permalink_structure );
     725        $this->go_to( add_query_arg( $query_vars, home_url() ) );
     726
     727        /*
     728         * Ticket 52252 was to prevent notices from being thrown
     729         * if the date query is malformed.
     730         *
     731         * The test will automatically fail if the function triggers a notice,
     732         * so this dummy assertion is just for accurate stats.
     733         */
     734        $this->assertTrue( true );
     735    }
     736
     737    /**
     738     * Data provider for test_malformed_date_queries.
     739     *
     740     * @return array Test data.
     741     */
     742    public function data_malformed_date_queries() {
     743        return array(
     744            '/%postname%/ with missing year'         => array(
     745                '/%postname%/',
     746                array(
     747                    'monthnum' => 1,
     748                    'day'      => 15,
     749                ),
     750            ),
     751            '/%postname%/ with month only'           => array(
     752                '/%postname%/',
     753                array(
     754                    'monthnum' => 1,
     755                ),
     756            ),
     757            '/%year%/%postname%/ with missing month' => array(
     758                '/%year%/%postname%/',
     759                array(
     760                    'year' => 2020,
     761                    'day'  => 15,
     762                ),
     763            ),
     764        );
     765    }
     766
     767    /**
    701768     * @ticket 55100
    702769     */
Note: See TracChangeset for help on using the changeset viewer.