[wp-trac] [WordPress Trac] #56311: Week query variable is not being sanitized correctly
WordPress Trac
noreply at wordpress.org
Sat Jul 30 09:44:25 UTC 2022
#56311: Week query variable is not being sanitized correctly
---------------------------+-----------------------------
Reporter: domainsupport | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: trunk
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
If you add a "w" query variable to the URL of a WordPress website, for
example ...
http://localhost/?w=1234
... the following PHP error notice is generated ...
PHP Notice: Function WP_Date_Query was called
<strong>incorrectly</strong>. Invalid value <code>1234</code> for
<code>week</code>. Expected value should be between <code>1</code> and
<code>53</code>. Please see <a href="https://wordpress.org/support/article
/debugging-in-wordpress/">Debugging in WordPress</a> for more information.
(This message was added in version 4.1.0.) in /wp-includes/functions.php
on line 5831
This is because the `w` query string is not being correctly sanitized
before being added to WP_Query. It should be checked that it is a number
between 1 and 53 before being added to the query.
Oliver
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56311>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
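
The range check the ticket asks for, as an added example that is not WordPress core code and not from the reporter. It assumes the `request` filter is an acceptable place to intercept the public `w` query variable; the `example_*` function names are hypothetical and the sample values are constructed.

```php
<?php
/**
 * Added example, not WordPress core code: validate the `w` (week) query
 * variable before WP_Query builds a date query from it.
 */

/**
 * Return the week as an int if $raw is a whole number from 1 to 53,
 * otherwise null. Arrays (?w[]=1), signs, decimals and text are rejected.
 */
function example_valid_week( $raw ) {
	if ( is_int( $raw ) ) {
		$raw = (string) $raw;
	}
	// Digits only, at most two of them: rules out "1234", "-3", "5.5", "".
	if ( ! is_string( $raw ) || ! ctype_digit( $raw ) || strlen( $raw ) > 2 ) {
		return null;
	}
	$week = (int) $raw; // "07" becomes 7
	return ( $week >= 1 && $week <= 53 ) ? $week : null;
}

/**
 * Callback for the `request` filter: drop an invalid `w` instead of
 * passing it on, and normalise a valid one to an int.
 */
function example_filter_week_query_var( $query_vars ) {
	if ( isset( $query_vars['w'] ) ) {
		$week = example_valid_week( $query_vars['w'] );
		if ( null === $week ) {
			unset( $query_vars['w'] );
		} else {
			$query_vars['w'] = $week;
		}
	}
	return $query_vars;
}

if ( function_exists( 'add_filter' ) ) {
	// Running inside WordPress: register the filter.
	add_filter( 'request', 'example_filter_week_query_var' );
} else {
	// Running stand-alone: show the result for constructed sample values.
	$samples = array( '1234', '53', '07', '0', '-3', '5.5', 'abc', array( '1' ) );
	foreach ( $samples as $sample ) {
		$out = example_filter_week_query_var( array( 'w' => $sample ) );
		echo json_encode( $sample ), ' => ', json_encode( $out ), PHP_EOL;
	}
}
```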