[wp-trac] [WordPress Trac] #11391: logic error bug in php 5.3.0 probably needs attention in WP
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 11 09:26:31 UTC 2009
#11391: logic error bug in php 5.3.0 probably needs attention in WP
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 2.9
Severity: major | Resolution: invalid
Keywords: |
-------------------------------+--------------------------------------------
Comment(by Denis-de-Bernardy):
Yeah, I read the same. It's weird, too. A numerical string is converted to
a number before being compared:
{{{
var_dump(1 == '2'); // false
var_dump(1 == '1'); // true
}}}
At any rate, the issue generates a bug in Ryan's wp_object_cache class,
mentioned further up.
I did a quick scan of the WP code and didn't spot any areas where this
could potentially be abused (i.e. $user_submitted_int == 'something'
leading to code execution that should not be), so I'll leave it there.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11391#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
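
The comparison pattern raised in the comment above (`$user_submitted_int == 'something'`), shown as an added example that is not part of the ticket or of WordPress code. The function names and sample values are constructed for illustration. It contrasts the loose `==` check with strict alternatives that do no type conversion.

```php
<?php
// Added example: hypothetical helper names, constructed inputs.

// Loose check in the shape the comment describes. PHP converts numeric
// strings to numbers before comparing, so differently typed values can match.
function loose_match($submitted, $expected) {
    return $submitted == $expected;
}

// Strict check: type and value must both match, so nothing is converted.
function strict_match($submitted, $expected) {
    return $submitted === $expected;
}

// Strict check for a value that arrives as a string (e.g. a request
// parameter): accept only a canonical decimal integer, then compare as int.
function int_param_equals($raw, $expected) {
    if (!is_string($raw) || !preg_match('/^(0|[1-9][0-9]*)$/', $raw)) {
        return false;
    }
    return (int) $raw === $expected;
}

// Constructed sample pairs. The result of 0 == 'something' depends on the
// PHP version: true before PHP 8, false from PHP 8 onwards.
$cases = array(
    array(1, '1'),
    array(1, '2'),
    array(0, 'something'),
    array('1e1', '10'),   // both numeric strings, compared as numbers
    array('10', '010'),   // likewise
);

foreach ($cases as $c) {
    printf(
        "%-12s vs %-12s loose=%-5s strict=%s\n",
        var_export($c[0], true),
        var_export($c[1], true),
        var_export(loose_match($c[0], $c[1]), true),
        var_export(strict_match($c[0], $c[1]), true)
    );
}

// Validation of string input before an integer comparison.
foreach (array('1', '1e0', ' 1', '01') as $raw) {
    printf("%-6s => %s\n", var_export($raw, true),
        var_export(int_param_equals($raw, 1), true));
}
```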