WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 9 days ago

#47965 reviewing defect (bug)

Missing strict comparison check in REST Autosaves Controller

Reported by: dkarfa Owned by: SergeyBiryukov
Milestone: 5.4 Priority: normal
Severity: normal Version:
Component: REST API Keywords: has-patch dev-feedback
Focuses: rest-api Cc:
PR Number:

Description

Missing Yoda conditions check at wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php

Attachments (2)

47965.patch (1.4 KB) - added by dkarfa 3 months ago.
47965.1.diff (879 bytes) - added by itowhid06 2 months ago.

Download all attachments as: .zip

Change History (8)

@dkarfa
3 months ago

#1 @dkarfa
3 months ago

  • Component changed from General to REST API

#2 @mukesh27
3 months ago

  • Focuses rest-api added
  • Keywords has-patch added

#3 @TimothyBlynJacobs
3 months ago

  • Summary changed from Missing Yoda Conditions check to Missing strict comparison check in REST Autosaves Controller

Thanks for the patch @dkarfa!

I'm a bit worried about the $post->post_author === $user_id check. In the type doc it is listed as a string and accompanied by "A numeric string, for compatibility reasons."

#4 @itowhid06
2 months ago

I completely agree with @TimothyBlynJacobs about $post->post_author === $user_id check. Also the patch doesn't apply properly and I've refreshed it. I hope @dkarfa is OK with it :)

@itowhid06
2 months ago

#5 @TimothyBlynJacobs
5 weeks ago

  • Keywords dev-feedback added

In other places this is used in core, a non-strict comparison check is used as well. For instance, wp_save_post_revision() or wp_create_post_autosave(). I think we'd want to be consistent, but I'm not sure.

Cc: @SergeyBiryukov

#6 @SergeyBiryukov
9 days ago

  • Milestone changed from Awaiting Review to 5.4
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing
Note: See TracTickets for help on using tickets.