Opened 4 years ago
Last modified 4 years ago
#52178 new defect (bug)
Allowed memory size exhausted / url creates new post entry?
Reported by: | sgatz | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.6 |
Component: | Posts, Post Types | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
We get repeated bots (across multiple WP sites) hitting a specific URL pattern, they append a query string onto the end of a wordpress URL like this:
https://www.example.com/permalink-to-article?q=user%2Fpassword&name%5B%23markup%5D=id&name%5B%23type%5D=markup&name%5B%23post_render%5D%5B%5D=passthru
This causes a memory exhausted error here:
/wp/wp-includes/post.php at line 773:
} elseif ( is_object( $post ) ) { if ( empty( $post->filter ) ) { $_post = sanitize_post( $post, 'raw' ); $_post = new WP_Post( $_post ); ##<--- HERE } elseif ( 'raw' === $post->filter ) { $_post = new WP_Post( $post ); } else {
Change History (3)
Note: See
TracTickets for help on using
tickets.
Hi @sgatz! Does this happen when all plugins are deactivated and a default theme is used? I'm unable to recreate the error when I append that query string to a post permalink.