Validation and context parameter for query filter application
|Reported by:||kevinB||Owned by:|
One improperly implemented query filter can easily crash a site, and this risk only increases with use of filterable get_posts() calls throughout wp-admin.
In the most common scenario, a posts_where or posts_request filter fails to return a value. Even if the filter was intended for wp-admin but was not added selectively based on is_admin(), the site front end is crashed. It's the plugin's fault, but leaves the end user wondering why WP can't be more robust.
The associated patch eliminates that scenario by checking is_null() before accepting a filtered value. If null, the filter is ignored, with a warning triggered if WP_DEBUG is defined. Since this validation is performed in apply_query_filters() rather than the heavily-used apply_filters(), new overhead is minimal.
Another benefit of a dedicated apply_query_filters() function is the ability to apply filters selectively based on a query_context specified by supplemental get_posts() calls. This will also tend to mitigate the scope of query filtering errors if use of the context parameter becomes standard practice for get_posts() execution and filtering.