[wp-trac] [WordPress Trac] #20560: url_to_postid() string matching is not strict enough, can lead to incorrect results
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 27 19:01:40 UTC 2012
#20560: url_to_postid() string matching is not strict enough, can lead to incorrect
results
--------------------------+-----------------------------
Reporter: gradyetc | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: 3.4
Severity: normal | Keywords:
--------------------------+-----------------------------
I have been working on a plugin that uses url_to_postid() to automatically
translate user generated links to internal links utilizing post ID in
order to protect against potential permalink changes.
A bug was reported that involved a link to an external location being
translated to an internal link (with post ID) by the plugin.
The current site: http://www.example.com/test
The attempted link: http://www.example.com/test-research
Where test-research is an entirely different site on our multi-site
install.
Upon investigation, the source of the problem was an overly generous
strpos() check in url_to_postid(), starting at line 322:
{{{
if ( false !== strpos($url, home_url()) ) {
// Chop off http://domain.com
$url = str_replace(home_url(), '', $url);
} else {
// Chop off /path/to/blog
$home_path = parse_url(home_url());
$home_path = isset( $home_path['path'] ) ? $home_path['path'] : ''
;
$url = str_replace($home_path, '', $url);
}
}}}
As home_url() does not append a trailing slash, the link passed that check
and was incorrectly processed. The logic inside that if block resulted in
-research being passed as a pagename to WP_Query, which happened to turn
up a matching post ID on this particular site.
I have a proposed patch, which I will attach to this ticket asap.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20560>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list