WordPress.org

Make WordPress Core

Opened 16 months ago

Last modified 4 weeks ago

#43056 new defect (bug)

Notice in redirect_guess_404_permalink() when post type is an array

Reported by: junaidbhura
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: Canonical
Keywords: has-patch
Focuses:
Cc:

Description

When manipulating URLs, it sometimes becomes necessary to update the query using the pre_get_posts hook.

If we set the post type to an array in the pre_get_posts hook like so:

$query->set( 'post_type', array( 'post', 'page', 'my_cpt' ) );

On a 404 page, we get a notice when WP_DEBUG is set to true:

Notice: wpdb::prepare was called incorrectly. The query only expected one placeholder, but an array of multiple placeholders was sent.

This is caused by the following code in redirect_guess_404_permalink():

$where .= $wpdb->prepare(" AND post_type = %s", get_query_var('post_type'));

This can be fixed by looking for an array and updating the query.

Attachments (2)

43056.diff (853 bytes) - added by junaidbhura 16 months ago.
canonical.php.patch (973 bytes) - added by Enchiridion 3 months ago.

Change History (11)

#1 @junaidbhura
16 months ago

  • Keywords has-patch added

This ticket was mentioned in Slack in #core by junaidbhura, 16 months ago.

#3 @SergeyBiryukov
14 months ago

  • Milestone changed from Awaiting Review to 5.0

#4 @SergeyBiryukov
7 months ago

  • Milestone changed from 5.0 to 5.1

#5 @pento
3 months ago

  • Keywords needs-refresh added
  • Milestone changed from 5.1 to Future Release
  • Version trunk deleted

I suspect 43056.diff will introduce SQL injection issues. wpdb::prepare() won't put quotes around each element of the array being sent to it when replacing into the %s.
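
One way to build the post_type condition for either a string or an array, with one %s placeholder per element so that each value is quoted on its own (an added example, not either attached patch and not WordPress core code). The helper guess_404_post_type_clause() and the Stand_In_WPDB class are hypothetical; the stand-in only imitates $wpdb->prepare() with simplified escaping so the snippet runs outside WordPress.

```php
<?php
// Stand-in for WordPress's $wpdb so this runs outside WordPress (hypothetical class).
// Like $wpdb->prepare(), it quotes each %s and accepts the values as one array;
// addslashes() is a simplified substitute for the real database escaping.
class Stand_In_WPDB {
    public function prepare( $query, array $args ) {
        $query = str_replace( '%s', "'%s'", $query );
        return vsprintf( $query, array_map( 'addslashes', $args ) );
    }
}

// Hypothetical helper: build the post_type condition for a string or an array.
function guess_404_post_type_clause( $wpdb, $post_type ) {
    // Keep only non-empty strings; null, nested arrays and other types are dropped.
    $types = array_values( array_filter( (array) $post_type, function ( $type ) {
        return is_string( $type ) && '' !== $type;
    } ) );
    if ( empty( $types ) ) {
        return ''; // No usable post type: add no condition.
    }
    // One %s per element, so every value is quoted and escaped separately.
    $placeholders = implode( ', ', array_fill( 0, count( $types ), '%s' ) );
    return $wpdb->prepare( " AND post_type IN ($placeholders)", $types );
}

// Constructed sample inputs, including a value that contains a quote.
$wpdb    = new Stand_In_WPDB();
$samples = array(
    'post',
    array( 'post', 'page', 'my_cpt' ),
    array( 'post', "my_cpt' OR '1'='1" ),
    array(),
);
foreach ( $samples as $sample ) {
    echo var_export( guess_404_post_type_clause( $wpdb, $sample ), true ), PHP_EOL;
}
```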

#6 @Enchiridion
3 months ago

This issue has been bugging me too. I've updated the patch with SQL escaping.

#7 @laternastudio
8 weeks ago

Would love to see this released soon!

#8 @Enchiridion
4 weeks ago

  • Keywords needs-refresh removed

This ticket was mentioned in Slack in #core by enchiridion, 4 weeks ago.