Opened 18 months ago
Last modified 12 months ago
#58619 assigned defect (bug)
absint() causes unexpected behavior for metadata functions which use get_metadata_raw()
Reported by: | michelleblanchette | Owned by: | pbearne |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Options, Meta APIs | Keywords: | has-patch |
Focuses: | Cc: |
Description
I discovered this behavior when testing on WordPress version 5.6 and observed the logic flaw in the current code documentation.
In my instance, I have a function that is expected to retrieve a user ID and returns -1 as an error case. This can then end up being used with WordPress's get_user_meta() which eventually uses get_metadata_raw(). The use of absint() on the $object_id within this function causes unexpected behavior as my -1, an invalid object ID, is now interpreted as 1, a valid object ID.
I was expecting WordPress to treat the object ID as invalid if it was so, but it instead changed the value of my provided argument.
The offending code is here: https://core.trac.wordpress.org/browser/tags/6.2/src/wp-includes/meta.php#L603
Please let me know if I'm misunderstanding the purpose of absint() within this function, but it seems like a sneaky rug pull gotcha. I believe the validation on L599 which includes ! is_numeric( $object_id )
should also include || $object_id < 0
to resolve this issue, as well as change L603 to use intval().
Improved the validation of object_id in the get_metadata_raw function by checking if it's a positive integer. This is done using the filter_var PHP function with FILTER_VALIDATE_INT and specifying a minimum range of 0.