
Changeset 53891

Timestamp:
08/13/2022 10:29:19 PM (2 years ago)
Author:
johnbillion
Message:

Query: Be better at forcing data types for query vars.

Several query vars only accept a scalar value and pass the value through functions that assume a scalar value. Adding extra guard conditions to the types of query vars doesn't affect their functionality but does remove PHP notices and warnings that can otherwise be generated when a non-scalar value such as an array is present in a query var.

Props juliobox, xknown, SergeyBiryukov, dave1010, nacin, tellyworth, dd32, audrasjb, johnregan3

Fixes #17737

Location:
trunk
Files:
2 edited

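--- a/trunk/src/wp-includes/class-wp-query.php
+++ b/trunk/src/wp-includes/class-wp-query.php
@@ -793,27 +793,39 @@
         }
 
-        $qv['page_id']  = absint( $qv['page_id'] );
-        $qv['year']     = absint( $qv['year'] );
-        $qv['monthnum'] = absint( $qv['monthnum'] );
-        $qv['day']      = absint( $qv['day'] );
-        $qv['w']        = absint( $qv['w'] );
+        $qv['page_id']  = ;
+        $qv['year']     = ;
+        $qv['monthnum'] = ;
+        $qv['day']      = ;
+        $qv['w']        = ;
         $qv['m']        = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : '';
-        $qv['paged']    = absint( $qv['paged'] );
-        $qv['cat']      = preg_replace( '|[^0-9,-]|', '', $qv['cat'] );    // Comma-separated list of positive or negative integers.
-        $qv['author']   = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // Comma-separated list of positive or negative integers.
-        $qv['pagename'] = trim( $qv['pagename'] );
-        $qv['name']     = trim( $qv['name'] );
-        $qv['title']    = trim( $qv['title'] );
-        if ( '' !== $qv['hour'] ) {
+        $qv['paged']    = is_scalar( $qv['paged'] ) ? absint( $qv['paged'] ) : 0;
+        $qv['cat']      = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Array or comma-separated list of positive or negative integers.
+        $qv['author']   = is_scalar( $qv['author'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['author'] ) : ''; // Comma-separated list of positive or negative integers.
+        $qv['pagename'] = is_scalar( $qv['pagename'] ) ? trim( $qv['pagename'] ) : '';
+        $qv['name']     = is_scalar( $qv['name'] ) ? trim( $qv['name'] ) : '';
+        $qv['title']    = is_scalar( $qv['title'] ) ? trim( $qv['title'] ) : '';
+
+        if ( is_scalar( $qv['hour'] ) && '' !== $qv['hour'] ) {
             $qv['hour'] = absint( $qv['hour'] );
-        }
-        if ( '' !== $qv['minute'] ) {
+        } else {
+            $qv['hour'] = '';
+        }
+
+        if ( is_scalar( $qv['minute'] ) && '' !== $qv['minute'] ) {
             $qv['minute'] = absint( $qv['minute'] );
-        }
-        if ( '' !== $qv['second'] ) {
+        } else {
+            $qv['minute'] = '';
+        }
+
+        if ( is_scalar( $qv['second'] ) && '' !== $qv['second'] ) {
             $qv['second'] = absint( $qv['second'] );
-        }
-        if ( '' !== $qv['menu_order'] ) {
+        } else {
+            $qv['second'] = '';
+        }
+
+        if ( is_scalar( $qv['menu_order'] ) && '' !== $qv['menu_order'] ) {
             $qv['menu_order'] = absint( $qv['menu_order'] );
+
+
         }
 
@@ -824,12 +836,12 @@
 
         // Compat. Map subpost to attachment.
-        if ( '' != $qv['subpost'] ) {
+        if ( '' != $qv['subpost'] ) {
             $qv['attachment'] = $qv['subpost'];
         }
-        if ( '' != $qv['subpost_id'] ) {
+        if ( '' != $qv['subpost_id'] ) {
             $qv['attachment_id'] = $qv['subpost_id'];
         }
 
-        $qv['attachment_id'] = absint( $qv['attachment_id'] );
+        $qv['attachment_id'] = ;
 
         if ( ( '' !== $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) {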
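Review bot: `$qv['cat']` on new line 802 is the one sanitised var in this group that still has no `is_scalar()` guard, and its comment now says an array is accepted. `preg_replace()` takes an array subject and filters each element, so a flat array passes through as an array, but a nested array element would presumably still be cast to a string with a PHP warning, which is the class of request-triggered notice this change sets out to remove (and a path-disclosure source where errors are displayed). Consider either documenting that only flat arrays are supported or dropping non-scalar elements first, e.g. `$qv['cat'] = is_array( $qv['cat'] ) ? array_filter( $qv['cat'], 'is_scalar' ) : $qv['cat'];` before the `preg_replace()` call. The `'' != $qv['subpost']` comparisons at new lines 838 and 841 read the same as the old lines in this rendering, so whether they carry a type guard cannot be confirmed from the page. The enclosing method starts and ends outside the hunk.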
  • trunk/tests/phpunit/tests/query/parseQuery.php

    r48937 r53891  
    105105    }
    106106
     107
     108
     109
     110
     111
     112
     113
     114
     115
     116
     117
     118
     119
     120
     121
     122
     123
     124
     125
     126
     127
     128
     129
     130
     131
     132
     133
     134
     135
     136
     137
     138
     139
     140
     141
     142
     143
     144
     145
     146
     147
     148
     149
     150
     151
     152
     153
     154
     155
     156
     157
     158
     159
     160
     161
     162
     163
     164
     165
     166
     167
     168
     169
     170
     171
     172
     173
     174
     175
     176
     177
     178
     179
     180
     181
     182
     183
     184
     185
     186
     187
     188
     189
     190
     191
     192
     193
     194
     195
     196
     197
     198
     199
     200
     201
     202
     203
     204
     205
     206
     207
     208
     209
     210
     211
     212
     213
     214
     215
     216
     217
     218
     219
     220
     221
     222
     223
     224
     225
     226
     227
     228
     229
     230
     231
     232
     233
     234
     235
    107236}