Changeset 57232

Timestamp:

12/29/2023 01:52:57 PM (16 months ago)

Author:

SergeyBiryukov

Message:

Canonical: Check if the author parameter is a string in redirect_canonical().

This avoids a PHP warning or error when viewing an author on the front end, while an array is passed as $_GET['author'].

Follow-up to [12034], [12040], [12202].

Props david.binda, antonvlasenko, azaozz, SergeyBiryukov.
Fixes #60059.

Location:

trunk

Files:

• src/wp-includes/canonical.php (modified) (1 diff)
• tests/phpunit/tests/canonical.php (modified) (1 diff)

trunk/src/wp-includes/canonical.php

@@ -317 +317 @@
                 }
             }
-        } elseif ( is_author() && ! empty( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) {
+        } elseif ( is_author() && ! empty( $_GET['author'] )
+            && is_string( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] )
+        ) {
             $author = get_userdata( get_query_var( 'author' ) );
 

trunk/tests/phpunit/tests/canonical.php

@@ -207 +207 @@
             // array( '/?author=%d&year=2008', '/2008/?author=3'),
             // array( '/author/canonical-author/?year=2008', '/2008/?author=3'), // Either or, see previous testcase.
+            array( '/author/canonical-author/?author[1]=hello', '/author/canonical-author/?author[1]=hello', 60059 ),
 
             // Feeds.