[wp-trac] [WordPress Trac] #46671: wp-admin/revisions.php uses the $post global in the wrong way
WordPress Trac
noreply at wordpress.org
Wed Mar 27 14:46:36 UTC 2019
#46671: wp-admin/revisions.php uses the $post global in the wrong way
--------------------------+-----------------------------
Reporter: tofandel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
I found quite an interesting bug when restoring a revision. In
wp-admin/revision.php the code is not encapsulated and thus uses the globals
$post, $revision etc.
A problem arises because of these lines:
{{{#!php
<?php
if ( ! $post = get_post( $revision->post_parent ) )
    break;
// ...
wp_restore_post_revision( $revision->ID );
$redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) );
}}}
As you can see, the $post global is exposed and then used again after the
wp_restore_post_revision function call, which triggers countless hooks.
The problem is that if the $post global is edited in one of those hooks, then
the ID passed to get_edit_post_link is wrong, and since $post has not been
set via WP_Query, the wp_reset_postdata function does nothing. Here is a
snippet you can use to demonstrate the bug: after restoring a revision you
will be redirected to the edit page of post 4 instead of the post you
were editing.
{{{#!php
<?php
add_action( 'wp_restore_post_revision', function () {
    global $post;
    $post->ID = 4;
    // This will do nothing because the post has not been defined through WP_Query
    wp_reset_postdata();
} );
}}}
To fix this bug I would suggest encapsulating the logic in a function to
stop exposing the variables as globals, or renaming the variable being
used.
PS: this design flaw is present in other files as well, but that's the
only one I noticed causing issues.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46671>
WordPress Trac <https://core.trac.wordpress.org/>
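The following is an added example, not code from the ticket or from WordPress core, that reproduces the clobbered-global problem described above and the reporter's suggested fix (capture what you need in a local before firing hooks) in a form that runs outside WordPress. The `demo_*` functions are assumptions: a stand-in hook registry and a two-post in-memory "database" (post 7 as parent, post 8 as its revision) constructed here so the script is self-contained; in core the real counterparts are `add_action()`, `do_action()`, `get_post()` and `wp_restore_post_revision()`.

```php
<?php
// Added example (not from the ticket or WordPress core). Stand-ins below are
// assumptions so the script runs without WordPress loaded.

// Minimal hook registry in place of add_action()/do_action().
$GLOBALS['demo_hooks'] = array();
function demo_add_action( $tag, $callback ) {
    $GLOBALS['demo_hooks'][ $tag ][] = $callback;
}
function demo_do_action( $tag, ...$args ) {
    foreach ( $GLOBALS['demo_hooks'][ $tag ] ?? array() as $cb ) {
        $cb( ...$args );
    }
}

// Constructed sample data: post 7 is the parent, post 8 is its revision.
$GLOBALS['demo_posts'] = array(
    7 => (object) array( 'ID' => 7, 'post_parent' => 0, 'post_type' => 'post' ),
    8 => (object) array( 'ID' => 8, 'post_parent' => 7, 'post_type' => 'revision' ),
);
function demo_get_post( $id ) {
    // Return a copy so callers cannot mutate the "database" in place.
    return isset( $GLOBALS['demo_posts'][ $id ] ) ? clone $GLOBALS['demo_posts'][ $id ] : null;
}
function demo_restore_post_revision( $revision_id ) {
    // Like wp_restore_post_revision(), fire hooks after the restore work.
    $parent_id = $GLOBALS['demo_posts'][ $revision_id ]->post_parent;
    demo_do_action( 'wp_restore_post_revision', $parent_id, $revision_id );
}

// Before: the pattern from the ticket. $post is the global, and the redirect
// target is read from it only after the hooks have run.
function restore_unsafe( $revision_id ) {
    global $post; // same effect as top-level code in revision.php
    $revision = demo_get_post( $revision_id );
    if ( ! $post = demo_get_post( $revision->post_parent ) ) {
        return null;
    }
    demo_restore_post_revision( $revision->ID );
    // Stands in for get_edit_post_link( $post->ID, 'url' ): returns whatever
    // the hooks left in the global's ID.
    return $post->ID;
}

// After: the parent ID is captured in a local before any hook can run, and
// no global is written, as the ticket suggests.
function restore_safe( $revision_id ) {
    $revision = demo_get_post( $revision_id );
    $parent   = demo_get_post( $revision->post_parent );
    if ( ! $parent ) {
        return null;
    }
    $parent_id = $parent->ID;
    demo_restore_post_revision( $revision->ID );
    // Returns the ID captured before the hooks ran.
    return $parent_id;
}

// A plugin hook that mutates the global, as in the ticket's demonstration.
demo_add_action( 'wp_restore_post_revision', function () {
    global $post;
    if ( is_object( $post ) ) {
        $post->ID = 4;
    }
} );

var_dump( restore_unsafe( 8 ) );
var_dump( restore_safe( 8 ) );
```

Run it with `php demo.php`: the unsafe path returns the ID the hook wrote into the global, so the redirect would target the wrong post, while the safe path returns the parent ID that was captured before the hooks ran. Note that `wp_reset_postdata()` cannot help here, since it only restores `$post` from the main `WP_Query`, which never set it in this flow.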