Make WordPress Core

Opened 16 months ago

Last modified 16 months ago

#50877 assigned defect (bug)

Always sanitize post types' and taxonomies' rewrite arguments

Reported by: flixos90
Owned by: flixos90
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: Posts, Post Types
Keywords: has-patch
Focuses:
Cc:


When registering a post type or taxonomy, currently the $rewrite argument / property is only sanitized if pretty permalinks are enabled.

While this condition makes sense for whether to add the actual rewrite rules, sanitization itself should not depend on this external factor. Right now, effectively the $rewrite property will be invalid for post types and taxonomies when pretty permalinks are not enabled. When changing the permalink structure during a request (e.g. relevant in tests), this may result in PHP warnings, since the $rewrite property is expected to be an array, but due to lack of sanitization could still be e.g. a boolean true.

Sanitization of rewrite arguments should always happen for post types and taxonomies to ensure integrity of the property.
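
The behaviour described in this ticket, as an added example that is not part of the ticket, the linked PR or WordPress core: a simplified stand-alone PHP model of conditional versus unconditional sanitization. All function names and the `/front/` prefix are hypothetical, and only the `slug`, `with_front` and `pages` keys are modelled.

```php
<?php
// Added illustration: a simplified stand-alone model, not WordPress core code.
// All function names below are hypothetical.

/**
 * Normalize a 'rewrite' registration argument.
 * false means "no rewrites"; true or a partial array becomes a full array.
 */
function normalize_rewrite( $rewrite, string $name ) {
    if ( false === $rewrite ) {
        return false;
    }
    if ( ! is_array( $rewrite ) ) {
        $rewrite = array(); // e.g. 'rewrite' => true
    }
    if ( empty( $rewrite['slug'] ) ) {
        $rewrite['slug'] = $name;
    }
    // Array union keeps caller-supplied keys and fills in the missing defaults.
    return $rewrite + array( 'with_front' => true, 'pages' => true );
}

/** Behaviour described in the ticket: sanitize only when pretty permalinks are on. */
function register_conditional( string $name, $rewrite, bool $pretty_permalinks ) {
    return $pretty_permalinks ? normalize_rewrite( $rewrite, $name ) : $rewrite;
}

/** Behaviour the ticket asks for: always sanitize, whatever the permalink setting. */
function register_always( string $name, $rewrite ) {
    return normalize_rewrite( $rewrite, $name );
}

/** A consumer that expects an array, as code building rewrite rules would. */
function build_permastruct( $rewrite ): string {
    if ( ! is_array( $rewrite ) ) {
        // Without this guard, indexing a boolean is what raises the PHP warning.
        return 'invalid: ' . gettype( $rewrite );
    }
    return ( $rewrite['with_front'] ? '/front/' : '/' ) . $rewrite['slug'] . '/%postname%';
}

// Constructed scenario: registered while permalinks are off, then the permalink
// structure is switched on later in the same request (as a test might do).
$stored = register_conditional( 'book', true, false );
echo build_permastruct( $stored ), "\n";
echo build_permastruct( register_always( 'book', true ) ), "\n";
echo build_permastruct( register_always( 'book', array( 'slug' => 'books' ) ) ), "\n";
```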

Change History (3)

This ticket was mentioned in PR #458 on WordPress/wordpress-develop by felixarntz.

16 months ago

  • Keywords has-patch added; needs-patch removed

#2 follow-up: @jnylen0
16 months ago

Some popular plugins are using 'rewrite' => true: https://wpdirectory.net/search/01EF79HQWV15WHA0EDJBM1MPBE

How would this patch change the behavior of these plugins?

#3 in reply to: ↑ 2 @jnylen0
16 months ago

Replying to jnylen0:


In case this search is deleted from wpdirectory.net: 'rewrite'\s*=> [^a\[f]
