Make WordPress Core


Ignore:
Timestamp:
10/10/2023 11:20:28 AM (14 months ago)
Author:
SergeyBiryukov
Message:

Query: Ensure that the page parameter is scalar in WP_Query::get_posts().

The page query var only accepts a scalar value and passes the value through functions that assume a scalar value.

Adding an extra guard condition does not affect its functionality but does avoid a PHP fatal error for trim() when a non-scalar value such as an array is passed.

Follow-up to [2535], [53891].

Props brookedot, rlmc, mukesh27, SergeyBiryukov.
Fixes #56558.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-query.php

    r56811 r56815  
    20212021
    20222022        if ( isset( $q['page'] ) ) {
    2023             $q['page'] = trim( $q['page'], '/' );
    2024             $q['page'] = absint( $q['page'] );
     2023            $q['page'] = is_scalar( $q['page'] ) ? absint( trim( $q['page'], '/' ) ) : 0;
    20252024        }
    20262025
Note: See TracChangeset for help on using the changeset viewer.