WordPress.org

Make WordPress Core

Opened 7 weeks ago

Last modified 3 weeks ago

#47965 new defect (bug)

Missing strict comparison check in REST Autosaves Controller

Reported by: dkarfa Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: REST API Keywords: has-patch
Focuses: rest-api Cc:
PR Number:

Description

Missing Yoda conditions check at wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php

Attachments (2)

47965.patch (1.4 KB) - added by dkarfa 7 weeks ago.
47965.1.diff (879 bytes) - added by itowhid06 3 weeks ago.

Download all attachments as: .zip

Change History (6)

@dkarfa
7 weeks ago

#1 @dkarfa
7 weeks ago

  • Component changed from General to REST API

#2 @mukesh27
7 weeks ago

  • Focuses rest-api added
  • Keywords has-patch added

#3 @TimothyBlynJacobs
7 weeks ago

  • Summary changed from Missing Yoda Conditions check to Missing strict comparison check in REST Autosaves Controller

Thanks for the patch @dkarfa!

I'm a bit worried about the $post->post_author === $user_id check. In the type doc it is listed as a string and accompanied by "A numeric string, for compatibility reasons."

#4 @itowhid06
3 weeks ago

I completely agree with @TimothyBlynJacobs about $post->post_author === $user_id check. Also the patch doesn't apply properly and I've refreshed it. I hope @dkarfa is OK with it :)

@itowhid06
3 weeks ago

Note: See TracTickets for help on using tickets.