#58047 closed defect (bug) (fixed)
Fix non-strict comparison operator in /wp-admin/includes/schema.php line 1105
Reported by: | faisalahammad | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.3 | Priority: | normal |
Severity: | normal | Version: | 6.3 |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | coding-standards | Cc: |
Description
The issue with the code in /wp-admin/includes/schema.php line 1105 is that the comparison operator "==" is being used to compare the response code returned by wp_remote_retrieve_response_code() with the integer value 200. This is a non-strict comparison operator, which means that it will also return true if the response code is a string "200". This can lead to unexpected behavior or security vulnerabilities.
Change History (4)
This ticket was mentioned in PR #4281 on WordPress/wordpress-develop by @faisalahammad.
20 months ago
#1
- Keywords has-patch added; needs-patch removed
#2
@
19 months ago
- Component changed from General to Upgrade/Install
- Milestone changed from Awaiting Review to 6.3
#3
@
19 months ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 55866:
@SergeyBiryukov commented on PR #4281:
19 months ago
#4
Thanks for the PR! Merged in r55866.
Note: See
TracTickets for help on using
tickets.
Replace the non-strict comparison operator "==" with the strict comparison operator "===" in /wp-admin/includes/schema.php line 1105 to avoid unexpected behavior or security vulnerabilities. The updated code will ensure that the response code returned by wp_remote_retrieve_response_code() is strictly compared with the integer value 200.
Trac ticket: https://core.trac.wordpress.org/ticket/58047