[wp-trac] [WordPress Trac] #61732: get_calendar() will use invalid dates in SQL queries
WordPress Trac
noreply at wordpress.org
Tue Jul 23 17:26:01 UTC 2024
#61732: get_calendar() will use invalid dates in SQL queries
--------------------------+-----------------------------
Reporter: leedxw | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.6
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
`get_calendar()` will use a client provided value for an SQL date request
without checking validity.
Checking the logs recently, I can see errors along the lines of
{{{
PHP message: WordPress database error Incorrect DATETIME value:
'2171-94-01' for query SELECT MONTH(post_date) AS month, YEAR(post_date)
AS year ...
}}}
Where the value was not valid, since the month was not between 01 and 12
inclusive.
Investigating, what I was seeing was:
* A bunch of junk requests that had random variables applied
{{{
GET /some_nonexistant_random_page?m=la2m,1o7tfe1poe9h_4ksa8,w876
}}}
* The theme uses something that uses `widget`, that then uses
`get_calendar()`
* `WP_Query::parse_query()` was helpfully stripping out non numbers into
the global `$m` - but there are no validity checks on the result.
* `get_calendar()` was using a substring of the junk `$m` as the base for
month.
* SQL complains about an invalid date
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61732>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
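The following is an added example, not code from WordPress core or from this ticket. It models the path the report describes (the `m` query var reduced to digits, then sliced into year and month) and adds the range check the reporter says is missing; the exact slicing positions and the helper names are assumptions.

```php
<?php
// Added example (not WordPress code): reproduce the ticket's data flow and
// show the validation that would have rejected '2171-94-01' before any SQL.

/** Mirror of the digit-stripping WP_Query::parse_query() applies to `m`. */
function sanitize_m_like_wp_query(string $m): string {
    return preg_replace('/[^0-9]/', '', $m);
}

/**
 * Return [year, month] only if $m yields a real calendar month, else null.
 * Slicing assumed: first four digits are the year, next two the month.
 * checkdate() rejects month 0, month 13 and above, and year 0.
 */
function calendar_year_month_from_m(string $m): ?array {
    $digits = sanitize_m_like_wp_query($m);
    if (strlen($digits) < 6) {
        return null;               // not enough digits for YYYYMM
    }
    $year  = (int) substr($digits, 0, 4);
    $month = (int) substr($digits, 4, 2);
    if (!checkdate($month, 1, $year)) {
        return null;               // e.g. month 94 from the junk request
    }
    return [$year, $month];
}

// Constructed inputs: the junk value from the ticket and a well-formed one.
// 'la2m,1o7tfe1poe9h_4ksa8,w876' reduces to '2171948876' -> year 2171, month 94.
var_dump(calendar_year_month_from_m('la2m,1o7tfe1poe9h_4ksa8,w876')); // NULL
var_dump(calendar_year_month_from_m('202407'));                         // [2024, 7]
```

A calendar helper that bails out on a null result never hands the month to the query, so the database error in the log does not occur.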