Make WordPress Core


Ignore:
Timestamp:
06/29/2023 11:25:38 PM (20 months ago)
Author:
johnbillion
Message:

General: Ignore invalid types for the '_wp_http_referer' URL query variable.

It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.

Props xknown, costdev, jrf, azaozz

Fixes #57670

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/functions/referer.php

    r51568 r56115  
    157157        $this->assertSame( 'http://foo.bar/baz', wp_get_raw_referer() );
    158158    }
     159
     160    /**
     161     * @ticket 57670
     162     */
     163    public function test_raw_referer_is_false_on_invalid_request_parameter() {
     164        $_REQUEST['_wp_http_referer'] = array( 'demo' );
     165        $this->assertFalse( wp_get_raw_referer() );
     166    }
    159167}
Note: See TracChangeset for help on using the changeset viewer.