Changeset 56815

Timestamp:

10/10/2023 11:20:28 AM (17 months ago)

Author:

SergeyBiryukov

Message:

Query: Ensure that the page parameter is scalar in WP_Query::get_posts().

The page query var only accepts a scalar value and passes the value through functions that assume a scalar value.

Adding an extra guard condition does not affect its functionality but does avoid a PHP fatal error for trim() when a non-scalar value such as an array is passed.

Follow-up to [2535], [53891].

Props brookedot, rlmc, mukesh27, SergeyBiryukov.
Fixes #56558.

Location:

trunk

Files:

• src/wp-includes/class-wp-query.php (modified) (1 diff)
• tests/phpunit/tests/query/invalidQueries.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-query.php

@@ -2021 +2021 @@
 
         if ( isset( $q['page'] ) ) {
-            $q['page'] = trim( $q['page'], '/' );
-            $q['page'] = absint( $q['page'] );
+            $q['page'] = is_scalar( $q['page'] ) ? absint( trim( $q['page'], '/' ) ) : 0;
         }
 

trunk/tests/phpunit/tests/query/invalidQueries.php

@@ -160 +160 @@
         $this->assertCount( 1, $query->posts );
     }
+
+    /**
+     * Ensure a non-scalar page parameter does not throw a fatal error for trim().
+     *
+     * @ticket 56558
+     * @covers WP_Query::get_posts
+     */
+    public function test_non_scalar_page_value() {
+        $query = new WP_Query(
+            array(
+                'page' => array( 1, 2, 3 ),
+            )
+        );
+
+        $this->assertSame( 0, $query->query_vars['page'] );
+    }
 }