[wp-trac] [WordPress Trac] #39061: REST API pagination: Large INT passed to `paged` query arg doesn't fail properly
WordPress Trac
noreply at wordpress.org
Sun Dec 4 18:43:53 UTC 2016
#39061: REST API pagination: Large INT passed to `paged` query arg doesn't fail
properly
--------------------------+-----------------------------
Reporter: morganestes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When an absurdly large value is passed to the REST API (e.g.
`/wp/v2/pages?page=23924321212413345333`), it returns the first page of
results instead of an error. The problem is during validation and
sanitization of the value, where the passed value is run through `absint`,
which returns another absurdly large value, which then gets nullified by
PHP, which becomes `1`.
{{{
wp> print_r( rest_sanitize_value_from_schema( 23452345346346345456567356, array( 'type' => 'integer' ), 'page' ) );
3481259413623275520
=> bool(true)
wp> print_r( rest_validate_value_from_schema( 23452345346346345456567356, array( 'type' => 'integer' ), 'page' ) );
1
=> bool(true)
wp> absint(23924321212413345333);
=> int(5477577138703794176)
}}}
Edge case, but worth noting since smaller values that are larger than the
number of pages return an empty array (like if there are only 2 pages of
posts, but 3 are requested).
Related: #19728.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39061>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
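
An added example, not WordPress core code and not part of the ticket: one way to validate a `page` value so that an oversized number is rejected instead of being coerced, by comparing decimal strings before any integer cast. The function name `strict_page_param`, the error messages, and the choice to treat a page past the last one as an error are assumptions of this example.

```php
<?php
// Added example; strict_page_param() is a hypothetical helper, not a WordPress API.

/**
 * Validate a pagination value without lossy integer coercion.
 *
 * @throws InvalidArgumentException When the value is not a usable page number.
 */
function strict_page_param( $raw, int $total_pages ): int {
    // Floats are refused: an oversized integer literal has already lost
    // precision by the time it arrives here as a float.
    if ( is_int( $raw ) ) {
        $digits = (string) $raw;
    } elseif ( is_string( $raw ) ) {
        $digits = $raw;
    } else {
        throw new InvalidArgumentException( 'page must be an integer' );
    }

    // Digits only: no sign, whitespace, exponent or decimal point.
    if ( ! ctype_digit( $digits ) ) {
        throw new InvalidArgumentException( 'page must be a positive integer' );
    }

    // Compare as decimal strings so the range check itself cannot overflow.
    $digits = ltrim( $digits, '0' );
    $max    = (string) PHP_INT_MAX;
    if ( strlen( $digits ) > strlen( $max )
        || ( strlen( $digits ) === strlen( $max ) && strcmp( $digits, $max ) > 0 ) ) {
        throw new InvalidArgumentException( 'page exceeds the integer range' );
    }

    // Safe to cast now. An all-zero input became '' above and casts to 0.
    $page = (int) $digits;
    if ( $page < 1 || $page > max( 1, $total_pages ) ) {
        throw new InvalidArgumentException( 'page is outside 1..total_pages' );
    }
    return $page;
}

// Constructed inputs; the first two are the values quoted in the ticket.
$samples = array( '23924321212413345333', 23452345346346345456567356, '2', '3', '-1', '1e3', '0' );
foreach ( $samples as $input ) {
    try {
        printf( "%s => page %d\n", var_export( $input, true ), strict_page_param( $input, 2 ) );
    } catch ( InvalidArgumentException $e ) {
        printf( "%s => rejected: %s\n", var_export( $input, true ), $e->getMessage() );
    }
}
```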