WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 8 weeks ago

#52178 new defect (bug)

Allowed memory size exhausted / url creates new post entry?

Reported by: sgatz Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.6
Component: Posts, Post Types Keywords: reporter-feedback
Focuses: Cc:

Description

We get repeated bots (across multiple WP sites) hitting a specific URL pattern, they append a query string onto the end of a wordpress URL like this:

https://www.example.com/permalink-to-article?q=user%2Fpassword&name%5B%23markup%5D=id&name%5B%23type%5D=markup&name%5B%23post_render%5D%5B%5D=passthru

This causes a memory exhausted error here:
/wp/wp-includes/post.php at line 773:

} elseif ( is_object( $post ) ) {
		if ( empty( $post->filter ) ) {
			$_post = sanitize_post( $post, 'raw' );
			$_post = new WP_Post( $_post );    ##<--- HERE
		} elseif ( 'raw' === $post->filter ) {
			$_post = new WP_Post( $post );
		} else {


Change History (3)

#1 @SergeyBiryukov
2 months ago

  • Component changed from General to Posts, Post Types

This ticket was mentioned in Slack in #core by lukecarbis. View the logs.


8 weeks ago

#3 @noisysocks
8 weeks ago

  • Keywords reporter-feedback added

Hi @sgatz! Does this happen when all plugins are deactivated and a default theme is used? I'm unable to recreate the error when I append that query string to a post permalink.

Note: See TracTickets for help on using tickets.