[wp-trac] [WordPress Trac] #59795: Private Information Exposure via redirect_guess_404_permalink()
WordPress Trac
noreply at wordpress.org
Wed Jan 17 17:20:04 UTC 2024
#59795: Private Information Exposure via redirect_guess_404_permalink()
--------------------------------------+----------------------------
Reporter: FrancescoCarlucci | Owner: peterwilsoncc
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 6.5
Component: Canonical | Version:
Severity: minor | Resolution:
Keywords: has-patch has-unit-tests | Focuses: privacy
--------------------------------------+----------------------------
Comment (by FrancescoCarlucci):
@peterwilsoncc Tested, it works well on my side :)
Replying to [comment:6 peterwilsoncc]:
> I've revised my original patch in the [https://github.com/WordPress/wordpress-develop/pull/5867 linked pull request]
>
> * Redirects are limited to publicly queryable and searchable post types
> * Unlike my original patch the post type `WHERE` clause is modified in the `get_query_var( 'post_type' )` block to avoid SQL errors
> * Added a unit test for a post type registered with `['public'=>true,'publicly_queryable'=>false]`
>
> Testing notes:
>
> 1. Add [https://gist.github.com/peterwilsoncc/16df069cd23d95be6e2ca5a6a0ee99ee this mini-plugin] to `wp-content/mu-plugins`
> 1. Go to the WordPress Dashboard > Private Posts > Add new Post
> 1. Publish a post with the title "59795 Private Post"
> 1. In a private/incognito browser window, visit `http://localhost/59795` (replacing `localhost` as appropriate for your test environment)
> 1. On this branch you should see a 404 error, on trunk you should be redirected to `http://localhost/pwcc_private_post/59795-private-post/`
>
> @FrancescoCarlucci If you have bandwidth, are you able to assist by testing the pull request? A copy of WordPress built from the PR can be found by visiting the [https://github.com/WordPress/wordpress-develop/pull/5867/checks PR's checks tab], clicking on "Test Build Processes" in the navigation and downloading the `wordpress-build-???` artifact.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59795#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
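
The rule described in the quoted comment (redirect guesses only to publicly queryable, searchable post types), sketched as an added example; this is not WordPress core code and not the linked mini-plugin. The `example_59795_*` names are hypothetical, and testing "publicly queryable" with `is_post_type_viewable()` is an assumption.

```php
<?php
// Added illustration: not WordPress core code, not the linked mini-plugin.
// Every example_59795_* name is hypothetical.

// Constructed post type using the arguments from the unit-test case
// mentioned in the comment: public, but not publicly queryable.
add_action(
	'init',
	function () {
		register_post_type(
			'example_59795_cpt',
			array(
				'label'              => 'Example 59795',
				'public'             => true,
				'publicly_queryable' => false,
			)
		);
	}
);

/**
 * Post types a guessed redirect may target under the rule in the comment:
 * searchable and publicly viewable.
 * Assumption: "publicly queryable" is tested with is_post_type_viewable().
 */
function example_59795_redirectable_post_types() {
	$searchable = get_post_types( array( 'exclude_from_search' => false ) );
	return array_values( array_filter( $searchable, 'is_post_type_viewable' ) );
}

/**
 * True only when the guessed post belongs to a redirectable post type.
 * A guess that fails this check should fall through to the normal 404.
 */
function example_59795_guess_is_allowed( $post_id ) {
	$post_type = get_post_type( $post_id );
	return false !== $post_type
		&& in_array( $post_type, example_59795_redirectable_post_types(), true );
}
```

On a build without the fix, `add_filter( 'do_redirect_guess_404_permalink', '__return_false' );` turns permalink guessing off entirely.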