[wp-trac] [WordPress Trac] #36718: WP_Query::parse_

WordPress Trac noreply at wordpress.org
Fri Apr 29 10:34:15 UTC 2016 

#36718: WP_Query::parse_
--------------------------+-----------------------------
 Reporter:  vortfu        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 The fix for #24884 (in r25138) introduced a bug where
 `WP_Query::parse_query()` allows the `m` param to be passed as a non
 scalar type - leading to a potential SQL query error in
 `WP_Query::get_posts()`.

 > wp> $q = new WP_Query( [ 'm' => [ 123 ] ] );
 > wp> $q->get_posts();
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 1689
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 1691
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 1693
 > Warning: substr() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2627
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2628
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2630
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2632
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2634
 > Warning: strlen() expects parameter 1 to be string, array given in ./wp-
 includes/query.php on line 2636
 >
 > You have an error in your SQL syntax; check the manual that corresponds
 to your MySQL server version for the right syntax to use near 'AND
 wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish')  ORDER
 BY' at line 1 for query SELECT SQL_CALC_FOUND_ROWS  wp_posts.ID FROM
 wp_posts  WHERE 1=1  AND **YEAR(wp_posts.post_date)= **AND
 wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish')  ORDER
 BY wp_posts.post_date DESC LIMIT 0, 10 ...

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36718>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list