Changeset 49563

Timestamp:

11/12/2020 04:14:44 AM (4 years ago)

Author:

peterwilsoncc

Message:

Canonical: Prevent ID enumeration of private post slugs.

Add check to redirect_canonical() to ensure the destination post is not using a private post status.

Props dd32, Denis-de-Bernardy, donmhico, helen, nacin, peterwilsoncc, pishmishy, TimothyBlynJacobs, tzafrir, Viper007Bond, whyisjake.
Fixes #5272.

Location:

trunk

Files:

• src/wp-includes/canonical.php (modified) (14 diffs)
• src/wp-includes/link-template.php (modified) (1 diff)
• tests/phpunit/tests/canonical/postStatus.php (added)

trunk/src/wp-includes/canonical.php

@@ -78 +78 @@
     $redirect     = $original;
     $redirect_url = false;
+
 
     // Notice fixing.
@@ -103 +104 @@
     if ( is_feed() && $post_id ) {
         $redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
+
 
         if ( $redirect_url ) {
@@ -127 +129 @@
 
             $redirect_url = get_permalink( $post_id );
+
 
             if ( $redirect_url ) {
@@ -151 +154 @@
             if ( $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) {
                 $redirect_url = get_permalink( $redirect_post );
+
 
                 $redirect['query'] = _remove_qs_args_if_not_in_url(
@@ -198 +202 @@
             if ( $post_id ) {
                 $redirect_url = get_permalink( $post_id );
+
 
                 $redirect['path']  = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
@@ -224 +229 @@
             if ( ! empty( $_GET['attachment_id'] ) ) {
                 $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
+
 
                 if ( $redirect_url ) {
@@ -230 +236 @@
             } else {
                 $redirect_url = get_attachment_link();
+
             }
         } elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) {
             $redirect_url = get_permalink( get_query_var( 'p' ) );
+
 
             if ( $redirect_url ) {
@@ -239 +247 @@
         } elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) {
             $redirect_url = get_permalink( $wp_query->get_queried_object_id() );
+
 
             if ( $redirect_url ) {
@@ -245 +254 @@
         } elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) {
             $redirect_url = get_permalink( get_query_var( 'page_id' ) );
+
 
             if ( $redirect_url ) {
@@ -257 +267 @@
         ) {
             $redirect_url = get_permalink( get_option( 'page_for_posts' ) );
+
 
             if ( $redirect_url ) {
@@ -311 +322 @@
             ) {
                 $redirect_url = get_author_posts_url( $author->ID, $author->user_nicename );
+
 
                 if ( $redirect_url ) {
@@ -386 +398 @@
                 ) {
                     $redirect_url = get_permalink( $wp_query->get_queried_object_id() );
+
                 }
             }
@@ -396 +409 @@
             if ( ! $redirect_url ) {
                 $redirect_url = get_permalink( get_queried_object_id() );
+
             }
 
@@ -741 +755 @@
     }
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
     /**
      * Filters the canonical redirect URL.

trunk/src/wp-includes/link-template.php

@@ -419 +419 @@
     if ( $parent && ! in_array( $parent->post_type, get_post_types(), true ) ) {
         $parent = false;
+
+
+
+
+
+
+
+
+
+
+
     }