diff --git a/src/wp-includes/query.php b/src/wp-includes/query.php
index 54f30873a6..1334272911 100644
--- a/src/wp-includes/query.php
+++ b/src/wp-includes/query.php
@@ -1574,8 +1574,9 @@ class WP_Query {
 if ( '' !== $qv['menu_order'] ) $qv['menu_order'] = absint($qv['menu_order']);
 // Fairly insane upper bound for search string lengths.
- if ( ! empty( $qv['s'] ) && strlen( $qv['s'] ) > 1600 )
+ if ( ! is_scalar( $qv['s'] ) || ( ! empty( $qv['s'] ) && strlen( $qv['s'] ) > 1600 ) ) {
 $qv['s'] = '';
+ }
 // Compat. Map subpost to attachment.
 if ( '' != $qv['subpost'] )
diff --git a/tests/phpunit/tests/query/parseQuery.php b/tests/phpunit/tests/query/parseQuery.php
new file mode 100644
index 0000000000..c4cb1dd16b
--- /dev/null
+++ b/tests/phpunit/tests/query/parseQuery.php
@@ -0,0 +1,54 @@
+parse_query( array(
+ 's' => array( 'foo' ),
+ ) );
+
+ $this->assertSame( '', $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_string() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 'foo',
+ ) );
+
+ $this->assertSame( 'foo', $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_float() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 3.5,
+ ) );
+
+ $this->assertSame( 3.5, $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_int() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => 3,
+ ) );
+
+ $this->assertSame( 3, $q->query_vars['s'] );
+ }
+
+ public function test_parse_query_s_bool() {
+ $q = new WP_Query();
+ $q->parse_query( array(
+ 's' => true,
+ ) );
+
+ $this->assertSame( true, $q->query_vars['s'] );
+ }
+}
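Review bot: The comment above the changed condition still describes only the length bound, although the check now also clears `$qv['s']` whenever it is not scalar, presumably to cover an array-valued `s` arriving from the request. I would reword it to `// Discard non-scalar search values and cap the search string length (in bytes).` Scalar non-strings are kept with their original type, since `is_scalar()` accepts bool, int and float, so code later in the method still has to tolerate a non-string `s`. If those consumers expect a string, a cast right after this guard would be the place for it, but that code is outside the hunk. The enclosing method starts and ends outside the hunk.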
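Review bot: The added tests cover the array case and several scalar types, but not the other inputs that reach the changed condition: an object (also non-scalar) and a string longer than the 1600-byte bound. A case such as `$q->parse_query( array( 's' => str_repeat( 'a', 1601 ) ) );` followed by `$this->assertSame( '', $q->query_vars['s'] );`, and the same with `new stdClass()`, would pin both sides of the `||`. The bool, int and float tests assert that the value keeps its original type, which fixes that pass-through as expected behaviour; it is worth confirming that this is intended. The top of the file, including the class declaration and the first test's signature, is not visible on this page.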