Opened 4 years ago
Last modified 4 years ago
#50877 assigned defect (bug)
Always sanitize post types' and taxonomies' rewrite arguments
Reported by: | flixos90 | Owned by: | flixos90 |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Posts, Post Types | Keywords: | has-patch |
Focuses: | Cc: |
Description
When registering a post type or taxonomy, currently the $rewrite
argument / property is only sanitized if pretty permalinks are enabled.
While this condition makes sense for whether to add the actual rewrite rules, sanitization itself should not depend on this external factor. Right now, effectively the $rewrite
property will be invalid for post types and taxonomies when pretty permalinks are not enabled. When changing the permalink structure during a request (e.g. relevant in tests), this may result in PHP warnings, since the $rewrite
property is expected to be an array, but due to lack of sanitization could still be e.g. a boolean true
.
Sanitization of rewrite arguments should always happen for post types and taxonomies to ensure integrity of the property.
Change History (3)
This ticket was mentioned in PR #458 on WordPress/wordpress-develop by felixarntz.
4 years ago
#1
- Keywords has-patch added; needs-patch removed
#2
follow-up:
↓ 3
@
4 years ago
Some popular plugins are using 'rewrite' => true
: https://wpdirectory.net/search/01EF79HQWV15WHA0EDJBM1MPBE
How would this patch change the behavior of these plugins?
Trac ticket: https://core.trac.wordpress.org/ticket/50877