sergiotarxz/Wordpress
sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

MS: Reject truthy, non-numeric network ids in _network_option().

Browse Source 
A valid `$network_id` or `null`/`false` is expected as the first parameter for `_network_option()`. If something other than that is passed, we immediately return `false` rather than attempting to guess what network was intended.

See #28290.


git-svn-id: https://develop.svn.wordpress.org/trunk@35025 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jeremy Felt 2015-10-11 23:29:55 +00:00
parent 55122c1538
commit 3ee40d6652
2 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/wp-includes/option.php
View File

@ -1069,6 +1069,10 @@ function update_site_option( $option, $value ) {
function get_network_option( $network_id, $option, $default = false ) {
global $wpdb, $current_site;
if ( $network_id && ! is_numeric( $network_id ) ) {
return false;
}
$network_id = (int) $network_id;
// Fallback to the current network if a network ID is not specified.
@ -1182,6 +1186,10 @@ function get_network_option( $network_id, $option, $default = false ) {
function add_network_option( $network_id, $option, $value ) {
global $wpdb, $current_site;
if ( $network_id && ! is_numeric( $network_id ) ) {
return false;
}
$network_id = (int) $network_id;
// Fallback to the current network if a network ID is not specified.
@ -1287,6 +1295,10 @@ function add_network_option( $network_id, $option, $value ) {
function delete_network_option( $network_id, $option ) {
global $wpdb, $current_site;
if ( $network_id && ! is_numeric( $network_id ) ) {
return false;
}
$network_id = (int) $network_id;
// Fallback to the current network if a network ID is not specified.
@ -1366,6 +1378,10 @@ function delete_network_option( $network_id, $option ) {
function update_network_option( $network_id, $option, $value ) {
global $wpdb, $current_site;
if ( $network_id && ! is_numeric( $network_id ) ) {
return false;
}
$network_id = (int) $network_id;
// Fallback to the current network if a network ID is not specified.

44
tests/phpunit/tests/option/networkOption.php
View File

@ -38,6 +38,50 @@ class Tests_Option_NetworkOption extends WP_UnitTestCase {
delete_site_option( $option );
$this->assertEquals( $value, get_network_option( $id, $option, false ) );
}
/**
* @dataProvider data_network_id_parameter
*
* @param $network_id
* @param $expected_response
*/
function test_add_network_option_network_id_parameter( $network_id, $expected_response ) {
$option = rand_str();
$value = rand_str();
$this->assertEquals( $expected_response, add_network_option( $network_id, $option, $value ) );
}
/**
* @dataProvider data_network_id_parameter
*
* @param $network_id
* @param $expected_response
*/
function test_get_network_option_network_id_parameter( $network_id, $expected_response ) {
$option = rand_str();
$this->assertEquals( $expected_response, get_network_option( $network_id, $option, true ) );
}
function data_network_id_parameter() {
return array(
// Numeric values should always be accepted.
array( 1, true ),
array( '1', true ),
array( 2, true ),
// Null, false, and zero will be treated as the current network.
array( null, true ),
array( false, true ),
array( 0, true ),
array( '0', true ),
// Other truthy or string values should be rejected.
array( true, false ),
array( 'string', false ),
);
}
}
endif;