[wp-trac] [WordPress Trac] #60745: WP_Query::parse_query() does not handle invalid query arg values
WordPress Trac
noreply at wordpress.org
Thu Jul 18 00:10:33 UTC 2024
#60745: WP_Query::parse_query() does not handle invalid query arg values
--------------------------------------------+------------------------------
 Reporter:  xknown                          |       Owner:  (none)
     Type:  defect (bug)                    |      Status:  new
 Priority:  normal                          |   Milestone:  Awaiting Review
Component:  Query                           |     Version:
 Severity:  normal                          |  Resolution:
 Keywords:  has-patch has-unit-tests php80  |     Focuses:
--------------------------------------------+------------------------------
Comment (by ironprogrammer):
+1 for this update. This ticket relates to site requests that are not the
result of user or developer mistakes, and which are likely automated and
can occur at high volume. I feel it's a benefit to the WordPress community
to address this.

As [comment:6 Dennis mentioned], validation for other params has been
added previously to `WP_Query::parse_query`, and the proposed changes
augment that validation and lend support to the
[https://developer.wordpress.org/reference/classes/wp_query/#parameters
documented expectations of this class].

Another consideration is that as of today,
[https://wordpress.org/about/stats/#php_versions over 50% of reporting
sites are running PHP 7.4 or lower], where this situation results in a
`404` and logs an error (try this URL for a Playground test under PHP 7.4:
https://playground.wordpress.net/?php=7.4&wp=6.6&url=/?author_name[]=admin).
But as more sites gradually move to PHP 8+ (which
[https://wordpress.org/news/2023/10/wordpress-6-4s-php-compatibility/ we
encourage]), this issue will become more prevalent and draw greater
attention. I think it's better for WordPress to proactively get ahead of
this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60745#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform