Make WordPress Core

Changeset 56115


Timestamp:
06/29/2023 11:25:38 PM (19 months ago)
Author:
johnbillion
Message:

General: Ignore invalid types for the '_wp_http_referer' URL query variable.

It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.

Props xknown, costdev, jrf, azaozz

Fixes #57670

Location:
trunk
Files:
2 edited

  • trunk/src/wp-includes/functions.php

    r56031 r56115  
    19771977
    19781978/**
    1979  * Retrieves unvalidated referer from '_wp_http_referer' or HTTP referer.
     1979 * Retrieves unvalidated referer from the '_wp_http_referer' URL query variable or the HTTP referer.
     1980 *
     1981 * If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored.
    19801982 *
    19811983 * Do not use for redirects, use wp_get_referer() instead.
     
    19861988 */
    19871989function wp_get_raw_referer() {
    1988     if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
     1990    if ( ! empty( $_REQUEST['_wp_http_referer'] ) && is_string( $_REQUEST['_wp_http_referer'] ) ) {
    19891991        return wp_unslash( $_REQUEST['_wp_http_referer'] );
    19901992    } elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
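Review bot: "ignored" in the new docblock sentence is narrower than what the changed `if` condition in `wp_get_raw_referer()` actually does: when `$_REQUEST['_wp_http_referer']` is set but not a string, control falls through to the `elseif` and `$_SERVER['HTTP_REFERER']` is returned instead, so the docblock should say so, e.g. "If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored and the HTTP referer will be used instead." Retaining `! empty()` ahead of `is_string()` also means a `'0'` string is still treated as absent; that is pre-existing behaviour, but since the guard is being touched it is worth confirming it is intended.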
  • trunk/tests/phpunit/tests/functions/referer.php

    r51568 r56115  
    157157        $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
    158158    }
     159
     160    /**
     161     * @ticket 57670
     162     */
     163    public function test_raw_referer_is_false_on_invalid_request_parameter() {
     164        $_REQUEST['_wp_http_referer'] = array( 'demo' );
     165        $this->assertFalse( wp_get_raw_referer() );
     166    }
    159167}
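Review bot: `test_raw_referer_is_false_on_invalid_request_parameter()` only holds if `$_SERVER['HTTP_REFERER']` is unset, because the non-string `_wp_http_referer` makes `wp_get_raw_referer()` fall back to the HTTP referer rather than return `false`; the hunk does not unset it, so the assertion depends on the surrounding environment. Either `unset( $_SERVER['HTTP_REFERER'] );` before the call, or add a second case that sets `$_SERVER['HTTP_REFERER']` and asserts the fallback value is returned, which would also document the intended "ignored" behaviour. A non-array invalid type (for example an integer) would be a cheap additional case.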