[wp-trac] [WordPress Trac] #38203: Remove `absint` on object IDs in `delete_metadata`, etc
WordPress Trac
noreply at wordpress.org
Sun Apr 9 07:44:05 UTC 2017
#38203: Remove `absint` on object IDs in `delete_metadata`, etc
--------------------------------+------------------------------
Reporter: peterwilsoncc | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Options, Meta APIs | Version: 2.9
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
--------------------------------+------------------------------
Changes (by johnjamesjacoby):
* keywords: => has-patch commit
* version: => 2.9
Comment:
[https://core.trac.wordpress.org/attachment/ticket/38203/38203.patch
38203.patch] replaces `absint()` assignments with `intval()` instead. My
reasoning for this is:
* Post/Comment/User IDs are passed through `intval()` in many locations
already
* Mutating the `$object_id` away from the intended value reduces trust in
the API
* `$mid` touches also already use `intval()` on the `meta_id`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38203#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list