[wp-trac] [WordPress Trac] #62828: Array should not be passed to get_page_by_path()
WordPress Trac
noreply at wordpress.org
Mon Jan 20 11:54:21 UTC 2025
#62828: Array should not be passed to get_page_by_path()
--------------------------+-----------------------------
Reporter: leedxw | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
We have been logging the following, as a result of an unauthorised
vulnerability scan on a site we host:
{{{
PHP Warning: urldecode() expects parameter 1 to be string, array given in
/var/www/html/wp-includes/post.php on line 6033
}}}
This occurs when an array is being passed to `get_page_by_path()`
I was able to reproduce using
{{{
curl -g "http://localhost/?year[1]=1"
}}}
This specific instance occurred in `wp_resolve_numeric_slug_conflicts()`
where user-supplied values of "month" "year" etc, are passed to
`get_page_by_path()`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62828>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list