[wp-trac] [WordPress Trac] #39945: WP_Query::get_posts fails to correctly sanitize 'posts_per_page'
WordPress Trac
noreply at wordpress.org
Tue Feb 28 04:24:02 UTC 2017
#39945: WP_Query::get_posts fails to correctly sanitize 'posts_per_page'
-------------------------------------------------+-----------------------------
 Reporter:  biisent                              |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  Query                                |
 Severity:  normal                               |     Version:  4.7.2
 Keywords:  has-patch needs-testing 2nd-opinion  |  Resolution:
                                                 |     Focuses:
-------------------------------------------------+-----------------------------
Comment (by biisent):
Two considerations:
1. When `$this->is_feed == true` and `$this->is_singular == false`, then
`$q['posts_per_page']` is set to `$q['posts_per_rss']` and `$q['paging']`
is set to `false` in
https://core.trac.wordpress.org/browser/branches/4.7/src/wp-includes/class-wp-query.php#L1768 .
This, however, prevents the later sanitization of `$q['nopaging']` since it
is only performed when `!isset($q['nopaging'])`.
2. In my opinion, retrieving all posts for negative `posts_per_page` values
seems consistent. However, it may break compatibility (?) as currently
negative `posts_per_page` values <= -2 will just become positive.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39945#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform