Changeset 10529
- Timestamp:
- 12/17/2020 01:33:02 AM (4 years ago)
- File:
-
- 1 edited
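--- a/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
@@ -38,4 +38,11 @@
 */
 add_action( 'send_headers', function( $wp ) {
+check_for_invalid_query_vars( $wp->query_vars, '$public_query_vars' );
+} );
+
+/**
+* Check a set of internal query variables against the WordPress WP_Query values to detect invalid input.
+*/
+function check_for_invalid_query_vars( $vars, $ref = '$public_query_vars' ) {
 // Assumption: WP::$public_query_vars will only ever contain non-array query vars.
 // Assumption invalid. Some fields are valid.
@@ -61,16 +68,15 @@
 
 foreach ( (new \WP)->public_query_vars as $field ) {
-if ( isset( $ wp->query_vars[ $field ] ) ) {
-if ( ! is_scalar( $ wp->query_vars[ $field ] ) && ! isset( $array_fields[ $field ] ) ) {
-die_bad_request( "non-scalar $field in \$public_query_vars" );
+if ( isset( $vars[ $field ] ) ) {
+if ( ! is_scalar( $vars[ $field ] ) && ! isset( $array_fields[ $field ] ) ) {
+die_bad_request( "non-scalar $field in $ref" );
 }
 
-if ( isset( $must_be_num[ $field ] ) && ! empty( $ wp->query_vars[ $field ] ) && ! is_numeric( $wp->query_vars[ $field ] ) ) {
-die_bad_request( "non-numeric $field in \$public_query_vars" );
+if ( isset( $must_be_num[ $field ] ) && ! empty( $vars[ $field ] ) && ! is_numeric( $vars[ $field ] ) ) {
+die_bad_request( "non-numeric $field in $ref" );
 }
 }
 }
-
-} );
+}
 
 /**
@@ -82,4 +88,7 @@
 die_bad_request( "non-scalar input to o2" );
 }
+}
+if ( isset( $_REQUEST['queryVars'] ) ) {
+check_for_invalid_query_vars( $_REQUEST['queryVars'], 'o2 queryVars' );
 }
 }, 9 );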
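Review bot: `check_for_invalid_query_vars()` never checks that `$vars` is an array, and the new o2 call hands it `$_REQUEST['queryVars']` exactly as received. If that parameter arrives as a string, every `isset( $vars[ $field ] )` in the loop is false, so the request passes without any of the scalar or numeric checks having run. A guard at the top of the function would close that, e.g. `if ( ! is_array( $vars ) ) { die_bad_request( "non-array $ref" ); }`, assuming o2 never legitimately sends a scalar here. The loop also covers only `WP::$public_query_vars`; if o2 passes `queryVars` on to `WP_Query`, private query vars in it are not validated by this change, which is worth stating in the new docblock. Part of the function body is elided between the hunks, so an existing guard there cannot be ruled out.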