Query: Non-scalar and negative values for 'p' should always result in a 404.

Previously, the 'p' query var was being run through `absint()`, which caused unexpected results. Props Akeif, kouratoras. Fixes #33372. git-svn-id: https://develop.svn.wordpress.org/trunk@38288 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-20 02:31:31 +00:00 · 2016-08-20 02:31:31 +00:00 · f05beeba8c
parent 54b51f1a26
commit f05beeba8c
2 changed files with 44 additions and 1 deletions
--- a/src/wp-includes/query.php
+++ b/src/wp-includes/query.php
@ -1602,7 +1602,13 @@ class WP_Query {
 		if ( ! empty($qv['robots']) )
 			$this->is_robots = true;

-		$qv['p'] =  absint($qv['p']);
+		if ( ! is_scalar( $qv['p'] ) || $qv['p'] < 0 ) {
+			$qv['p'] = 0;
+			$qv['error'] = '404';
+		} else {
+			$qv['p'] = intval( $qv['p'] );
+		}
+
 		$qv['page_id'] =  absint($qv['page_id']);
 		$qv['year'] = absint($qv['year']);
 		$qv['monthnum'] = absint($qv['monthnum']);
--- a/tests/phpunit/tests/query/parseQuery.php
+++ b/tests/phpunit/tests/query/parseQuery.php
@ -51,4 +51,41 @@ class Tests_Query_ParseQuery extends WP_UnitTestCase {

 		$this->assertSame( true, $q->query_vars['s'] );
 	}
+
+	/**
+	 * @ticket 33372
+	 */
+	public function test_parse_query_p_negative_int() {
+		$q = new WP_Query();
+		$q->parse_query( array(
+			'p' => -3,
+		) );
+
+		$this->assertSame( '404', $q->query_vars['error'] );
+	}
+
+	/**
+	 * @ticket 33372
+	 */
+	public function test_parse_query_p_array() {
+		$q = new WP_Query();
+		$q->parse_query( array(
+			'p' => array(),
+		) );
+
+		$this->assertSame( '404', $q->query_vars['error'] );
+	}
+
+	/**
+	 * @ticket 33372
+	 */
+	public function test_parse_query_p_object() {
+		$q = new WP_Query();
+		$q->parse_query( array(
+			'p' => new stdClass(),
+		) );
+
+		$this->assertSame( '404', $q->query_vars['error'] );
+	}
+
 }