[wp-trac] [WordPress Trac] #22324: sanitize_post_field() forgets some integer fields

WordPress Trac noreply at wordpress.org
Fri Feb 1 11:18:37 UTC 2013


#22324: sanitize_post_field() forgets some integer fields
------------------------------+-----------------------------
 Reporter:  GeertDD           |       Owner:  SergeyBiryukov
     Type:  enhancement       |      Status:  reopened
 Priority:  normal            |   Milestone:  3.6
Component:  General           |     Version:  3.4.2
 Severity:  minor             |  Resolution:
 Keywords:  has-patch commit  |
------------------------------+-----------------------------
Changes (by gibrown):

 * cc: greg@… (added)


Comment:

 This uncovered a subtle caching bug on wp.com that I think probably
 affects a lot of plugins, and maybe elsewhere in core. Two cases.

 1) Used to work, but with this change started failing.
 - Post content is stored in the cache and so post_author is returned as a
 string when get_post() is called.
 - Plugin loads the post_author from cache and then === compares against
 something like comment_author

 2) Failed before (very rare though due to caching, so we had never
 reproduced it), with this change it works.
 - Post content is loaded from db rather than cache by get_post().
 post_author is an int.
 - Plugin does a === comparison which fails against things like
 comment_author.

 The second example is a bug that is probably occurring now in many
 plugins, but so rarely that it is not noticed.

 Given that (2) is actually failing, maybe the int coming out of the db
 should actually be cast to a string in get_post(), etc.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22324#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
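
The mismatch described in the comment above, as an added example that is not part of the ticket or of WordPress core: the same post ID field arrives once as a string and once as an int, so a bare `===` check gives different answers for the same data. The object shapes, the function names and the rule that zero means "no user" are assumptions made for this sketch (PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Constructed sample data: one post in the two forms the comment describes,
// plus a comment record whose user ID is a string.
$post_string_ids = (object) ['ID' => '42', 'post_author' => '7'];
$post_int_ids    = (object) ['ID' => 42,   'post_author' => 7];
$comment         = (object) ['comment_ID' => '99', 'user_id' => '7'];

/** Fragile check: the result depends on which code path produced $post. */
function is_author_strict(object $post, object $comment): bool
{
    return $post->post_author === $comment->user_id;
}

/** Normalise an ID to a positive int, or null when it is not a usable ID. */
function normalize_id(mixed $value): ?int
{
    if (is_int($value)) {
        return $value > 0 ? $value : null;
    }
    if (is_string($value) && ctype_digit($value)) {
        $id = (int) $value;
        return $id > 0 ? $id : null;
    }
    return null; // floats, '', '7abc', null, arrays are never treated as an ID
}

/** Type-stable check: both sides normalised, and an invalid or zero ID never matches. */
function is_author_normalized(object $post, object $comment): bool
{
    $author    = normalize_id($post->post_author);
    $commenter = normalize_id($comment->user_id);
    return $author !== null && $author === $commenter;
}

// Run both checks against both forms of the same post.
foreach (['string' => $post_string_ids, 'int' => $post_int_ids] as $form => $post) {
    printf(
        "%-6s strict=%s normalized=%s\n",
        $form,
        var_export(is_author_strict($post, $comment), true),
        var_export(is_author_normalized($post, $comment), true)
    );
}
```

Rejecting zero and non-numeric values in `normalize_id()` matters when the comparison feeds an ownership or permission decision: two missing IDs should not compare as equal.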

