[wp-trac] [WordPress Trac] #25143: Appending registered query vars to home URL sets is_home to true when should be false
WordPress Trac
noreply at wordpress.org
Thu Oct 16 19:50:02 UTC 2014
#25143: Appending registered query vars to home URL sets is_home to true when
should be false
------------------------------------------+-----------------------------
Reporter: mordauk | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Future Release
Component: Query | Version: 3.6
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+-----------------------------
Comment (by dyspersion):
Replying to [comment:11 mordauk]:
> Calling `add_rewrite_endpoint()` registers a query var automatically.
Well, //that's// unexpected. :D
Thinking out loud...
But, it also adds a rewrite rule and uses a different (undocumented)
mechanism to register the query var.
I wonder if there's a timing issue here. You have your call to
`add_rewrite_endpoint()` attached to the init hook which may try to add
the query_var to the wp object before the wp object is instantiated,
maybe? It might be firing in time for the rewrite to be computed, but
before `$public_query_vars` is even setup, maybe?
Can you verify that calling `add_rewrite_endpoint()` on init actually ends
up in a query_var being registered and used in the actual DB query?
Additional thoughts - I see much potential confusion between the terms
"query variable" and "querystring" where they involve two completely
different components. One, involving a database query and one involving
the end of the URL (HTTP GET), which may not interrelate at all.
Registering an HTTP GET variable as a DB query_var that isn't actually
used in the DB query seems unwise at best and a potential security attack
vector at worst.
Also, I'd advise renaming your HTTP GET variable to something specific to
your plugin. ;)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25143#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list