WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#36718 closed defect (bug) (fixed)

WP_Query::parse_query does not handle the "m" param correctly

Reported by: vortfu Owned by: boonebgorges
Milestone: 4.6 Priority: normal
Severity: normal Version:
Component: Query Keywords:
Focuses: Cc:
PR Number:

Description

The fix for #24884 (in r25138) introduced a bug where WP_Query::parse_query() allows the m param to be passed as a non scalar type - leading to a potential SQL query error in WP_Query::get_posts().

wp> $q = new WP_Query( [ 'm' => [ 123 ] ] );
wp> $q->get_posts();
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 1689
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 1691
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 1693
Warning: substr() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2627
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2628
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2630
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2632
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2634
Warning: strlen() expects parameter 1 to be string, array given in ./wp-includes/query.php on line 2636

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish') ORDER BY' at line 1 for query SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND YEAR(wp_posts.post_date)= AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish') ORDER BY wp_posts.post_date DESC LIMIT 0, 10 ...

Attachments (1)

36718.patch (1.5 KB) - added by vortfu 4 years ago.

Download all attachments as: .zip

Change History (4)

@vortfu
4 years ago

#1 @vortfu
4 years ago

  • Summary changed from WP_Query::parse_ to WP_Query::parse_query does not handle the "m" param correctly

#2 @boonebgorges
4 years ago

  • Component changed from General to Query
  • Milestone changed from Awaiting Review to 4.6

Thanks for the patch!

#3 @boonebgorges
4 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 37324:

Query: Discard non-scalar 'm' instead of attempting to sanitize.

WP_Query discards most non-array date values ('year', 'monthnum', etc) by
casting to integer. Since [25138], the 'm' parameter has been handled
as a string; see #24884. However, the string-handling introduced in [25138]
blindly attempted to handle arrays and other non-scalar types as strings,
resulting in PHP notices and invalid MySQL syntax.

Props vortfu.
Fixes #36718.

Note: See TracTickets for help on using tickets.