Changeset 55543

Timestamp:

03/14/2023 03:51:28 PM (3 months ago)

Author:

spacedmonkey

Message:

Cache API: Add a warning when calling _get_non_cached_ids with invalid ids.

Sanitize the array of ids passed to the _get_non_cached_ids function and add a _doing_it_wrong call, if an invalid type is passed.

Props tillkruess, spacedmonkey, peterwilsoncc, flixos90, SergeyBiryukov.
Fixes #57593.

Location:

trunk

Files:

• src/wp-includes/functions.php (modified) (2 diffs)
• tests/phpunit/tests/functions/getNonCachedIds.php (added)

trunk/src/wp-includes/functions.php

@@ -7015 +7015 @@
  */
 function _get_non_cached_ids( $object_ids, $cache_key ) {
+    $object_ids = array_filter( $object_ids, '_validate_cache_id' );
+    $object_ids = array_unique( array_map( 'intval', $object_ids ), SORT_NUMERIC );
+
+    if ( empty( $object_ids ) ) {
+        return array();
+    }
+
     $non_cached_ids = array();
     $cache_values   = wp_cache_get_multiple( $object_ids, $cache_key );
@@ -7025 +7032 @@
 
     return $non_cached_ids;
+}
+
+/**
+ * Checks whether the given cache ID is either an integer or iterger-like strings.
+ * Both `16` and `"16"` are considered valid, other numeric types and numeric
+ * strings (`16.3` and `"16.3"`) are considered invalid.
+ *
+ * @since 6.3.0
+ *
+ * @param mixed $object_id The cache id to validate.
+ * @return bool Whether the given $object_id is a valid cache id.
+ */
+function _validate_cache_id( $object_id ) {
+    // Unfortunately filter_var() is considered an optional extension
+    if ( is_int( $object_id )
+        || ( is_string( $object_id ) && (string) (int) $object_id === $object_id ) ) {
+        return true;
+    }
+
+    /* translators: %s: The type of the given object id. */
+    $message = sprintf( __( 'Object id must be integer, %s given.' ), gettype( $object_id ) );
+    _doing_it_wrong( '_get_non_cached_ids', $message, '6.3.0' );
+
+    return false;
 }