Timestamp:
08/13/2022 10:29:19 PM (21 months ago)
Author:
johnbillion
Message:

Query: Be better at forcing data types for query vars.

Several query vars only accept a scalar value and pass the value through functions that assume a scalar value. Adding extra guard conditions to the types of query vars doesn't affect their functionality but does remove PHP notices and warnings that can otherwise be generated when a non-scalar value such as an array is present in a query var.

Props juliobox, xknown, SergeyBiryukov, dave1010, nacin, tellyworth, dd32, audrasjb, johnregan3

Fixes #17737

File:
1 edited

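--- a/trunk/src/wp-includes/class-wp-query.php
+++ b/trunk/src/wp-includes/class-wp-query.php
@@ -793,27 +793,39 @@
         }
 
-        $qv['page_id']  = absint( $qv['page_id'] );
-        $qv['year']     = absint( $qv['year'] );
-        $qv['monthnum'] = absint( $qv['monthnum'] );
-        $qv['day']      = absint( $qv['day'] );
-        $qv['w']        = absint( $qv['w'] );
+        $qv['page_id']  = is_scalar( $qv['page_id'] ) ? absint( $qv['page_id'] ) : 0;
+        $qv['year']     = is_scalar( $qv['year'] ) ? absint( $qv['year'] ) : 0;
+        $qv['monthnum'] = is_scalar( $qv['monthnum'] ) ? absint( $qv['monthnum'] ) : 0;
+        $qv['day']      = is_scalar( $qv['day'] ) ? absint( $qv['day'] ) : 0;
+        $qv['w']        = is_scalar( $qv['w'] ) ? absint( $qv['w'] ) : 0;
         $qv['m']        = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : '';
-        $qv['paged']    = absint( $qv['paged'] );
-        $qv['cat']      = preg_replace( '|[^0-9,-]|', '', $qv['cat'] );    // Comma-separated list of positive or negative integers.
-        $qv['author']   = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // Comma-separated list of positive or negative integers.
-        $qv['pagename'] = trim( $qv['pagename'] );
-        $qv['name']     = trim( $qv['name'] );
-        $qv['title']    = trim( $qv['title'] );
-        if ( '' !== $qv['hour'] ) {
+        $qv['paged']    = is_scalar( $qv['paged'] ) ? absint( $qv['paged'] ) : 0;
+        $qv['cat']      = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Array or comma-separated list of positive or negative integers.
+        $qv['author']   = is_scalar( $qv['author'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['author'] ) : ''; // Comma-separated list of positive or negative integers.
+        $qv['pagename'] = is_scalar( $qv['pagename'] ) ? trim( $qv['pagename'] ) : '';
+        $qv['name']     = is_scalar( $qv['name'] ) ? trim( $qv['name'] ) : '';
+        $qv['title']    = is_scalar( $qv['title'] ) ? trim( $qv['title'] ) : '';
+
+        if ( is_scalar( $qv['hour'] ) && '' !== $qv['hour'] ) {
             $qv['hour'] = absint( $qv['hour'] );
-        }
-        if ( '' !== $qv['minute'] ) {
+        } else {
+            $qv['hour'] = '';
+        }
+
+        if ( is_scalar( $qv['minute'] ) && '' !== $qv['minute'] ) {
             $qv['minute'] = absint( $qv['minute'] );
-        }
-        if ( '' !== $qv['second'] ) {
+        } else {
+            $qv['minute'] = '';
+        }
+
+        if ( is_scalar( $qv['second'] ) && '' !== $qv['second'] ) {
             $qv['second'] = absint( $qv['second'] );
-        }
-        if ( '' !== $qv['menu_order'] ) {
+        } else {
+            $qv['second'] = '';
+        }
+
+        if ( is_scalar( $qv['menu_order'] ) && '' !== $qv['menu_order'] ) {
             $qv['menu_order'] = absint( $qv['menu_order'] );
+        } else {
+            $qv['menu_order'] = '';
         }
 
@@ -824,12 +836,12 @@
 
         // Compat. Map subpost to attachment.
-        if ( '' != $qv['subpost'] ) {
+        if ( is_scalar( $qv['subpost'] ) && '' != $qv['subpost'] ) {
             $qv['attachment'] = $qv['subpost'];
         }
-        if ( '' != $qv['subpost_id'] ) {
+        if ( is_scalar( $qv['subpost_id'] ) && '' != $qv['subpost_id'] ) {
             $qv['attachment_id'] = $qv['subpost_id'];
         }
 
-        $qv['attachment_id'] = absint( $qv['attachment_id'] );
+        $qv['attachment_id'] = is_scalar( $qv['attachment_id'] ) ? absint( $qv['attachment_id'] ) : 0;
 
         if ( ( '' !== $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) {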
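Review bot: `$qv['cat']` (new line 802) is still handed to `preg_replace()` with no type check, so the hardening is incomplete for that query var. The updated comment says an array is accepted, and `preg_replace()` does process a flat array subject, but an element that is itself an array would presumably still raise the "Array to string conversion" warning this commit sets out to remove. Dropping non-scalar elements first would close that, e.g. `if ( is_array( $qv['cat'] ) ) { $qv['cat'] = array_filter( $qv['cat'], 'is_scalar' ); }` ahead of the `preg_replace()` call. Likewise `$qv['attachment']` is not type-checked on new line 847, where an array value satisfies `'' !== $qv['attachment']`; what is done with it next is outside this hunk, as are the start and end of the enclosing method. Only one file is edited, so a regression test that passes array values for each guarded query var would be worth adding alongside the change.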