[wp-trac] [WordPress Trac] #50877: Always sanitize post types' and taxonomies' rewrite arguments
WordPress Trac
noreply at wordpress.org
Fri Aug 7 21:42:39 UTC 2020
#50877: Always sanitize post types' and taxonomies' rewrite arguments
-------------------------------+----------------------------
Reporter: flixos90 | Owner: flixos90
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Posts, Post Types | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
-------------------------------+----------------------------
When registering a post type or taxonomy, currently the `$rewrite`
argument / property is only sanitized if pretty permalinks are enabled.
While this condition makes sense for whether to add the actual rewrite
rules, sanitization itself should not depend on this external factor.
Right now, effectively the `$rewrite` property will be invalid for post
types and taxonomies when pretty permalinks are not enabled. When changing
the permalink structure during a request (e.g. relevant in tests), this
may result in PHP warnings, since the `$rewrite` property is expected to
be an array, but due to lack of sanitization could still be e.g. a boolean
`true`.
Sanitization of rewrite arguments should always happen for post types and
taxonomies to ensure integrity of the property.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50877>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list