Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#50067 closed defect (bug) (duplicate)

Notice if arg passed is an array in author

Reported by: malthert's profile malthert Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.4
Component: Canonical Keywords: has-patch
Focuses: Cc:

Description (last modified by SergeyBiryukov)

If bots try urls like: /?author[]=1
The following code will give a notice:
Warning: preg_match() expects parameter 2 to be string, array given

} elseif ( is_author() && ! empty( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) {

Fix:

} elseif ( is_author() && ! empty( $_GET['author'] ) && ! is_array( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) {

Change History (1)

#1 @SergeyBiryukov
4 years ago

  • Description modified (diff)
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome back to WordPress Trac!

Thanks for the report, we're already tracking this issue in #17737.

Note: See TracTickets for help on using tickets.