[wp-trac] [WordPress Trac] #56311: Week query variable is not being sanitized correctly

WordPress Trac noreply at wordpress.org
Sat Jul 30 09:44:25 UTC 2022

#56311: Week query variable is not being sanitized correctly
 Reporter:  domainsupport  |      Owner:  (none)
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Query          |    Version:  trunk
 Severity:  normal         |   Keywords:
  Focuses:                 |
 If you add a "w" query variable to the URL of a WordPress website, for
 example ...


 ... the following PHP error notice is generated ...

  PHP Notice:  Function WP_Date_Query was called
 <strong>incorrectly</strong>. Invalid value <code>1234</code> for
 <code>week</code>. Expected value should be between <code>1</code> and
 <code>53</code>. Please see <a href="https://wordpress.org/support/article
 /debugging-in-wordpress/">Debugging in WordPress</a> for more information.
 (This message was added in version 4.1.0.) in /wp-includes/functions.php
 on line 5831

 This is because the `w` query string is not being correctly sanitized
 before being added to WP_Query. It should be checked that it is a number
 between 1 and 53 before being added to the query.


Ticket URL: <https://core.trac.wordpress.org/ticket/56311>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list