[buddypress-trac] [BuddyPress Trac] #5796: Invalid or empty page_arg results in no-limit queries

buddypress-trac noreply at wordpress.org
Tue Aug 5 05:57:16 UTC 2014

#5796: Invalid or empty page_arg results in no-limit queries
 Reporter:  johnjamesjacoby          |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  high                     |   Milestone:  2.1
Component:  All Components           |     Version:
 Severity:  major                    |  Resolution:
 Keywords:  needs-patch 2nd-opinion  |

Comment (by johnjamesjacoby):

 At a cursory glance, our `intval( $_REQUEST[$page_arg] )` checks are not enough
 here. `intval()` sets an invalid result to `0`, and `0` assumes unlimited
 results are being requested.

 While I can think of reasons why this might be useful, it's problematic on
 large sites where querying for all content will either lock up the
 database or OOM PHP.

 I recommend we put `empty()` checks in our `_Template` classes for our
 `page_arg` values, and force them back to 1 (or the `$page` default
 argument). This way our core functions and classes remain untouched and
 querying for unlimited results is still possible, and we only prevent
 users from passing invalid arguments around.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5796#comment:1>
BuddyPress Trac <http://buddypress.org/>
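
The comment above describes `intval()` turning an invalid `page_arg` into `0` and proposes an `empty()` guard that falls back to page 1 or the `$page` default. The following PHP sketch is an added example, not BuddyPress code or the eventual patch, and it puts the two behaviours side by side. The function names, the `demo_page` request key and the sample inputs are hypothetical, and the fallback for negative and non-scalar values goes beyond the `empty()` check the ticket proposes.

```php
<?php
// Added illustration, not BuddyPress code. All names here are hypothetical.

// Pattern described in the ticket: any invalid value collapses to 0, which
// (per the ticket) is treated as a request for unlimited results.
function page_from_request_unchecked( array $request, $page_arg ) {
    return isset( $request[ $page_arg ] ) ? intval( $request[ $page_arg ] ) : 0;
}

// Guard proposed in the ticket: empty input falls back to the default page.
// Assumption beyond the ticket: negative and non-scalar values fall back too.
function page_from_request_checked( array $request, $page_arg, $default_page = 1 ) {
    $default_page = max( 1, (int) $default_page );

    // empty() is true for a missing key, '', '0', 0, null and array().
    if ( empty( $request[ $page_arg ] ) || ! is_scalar( $request[ $page_arg ] ) ) {
        return $default_page;
    }

    $page = intval( $request[ $page_arg ] );

    // 'abc' becomes 0 and '-5' becomes -5; neither is a usable page number.
    return ( $page < 1 ) ? $default_page : $page;
}

// Constructed sample requests (not taken from the ticket).
$samples = array(
    'valid'    => array( 'demo_page' => '3' ),
    'empty'    => array( 'demo_page' => '' ),
    'text'     => array( 'demo_page' => 'abc' ),
    'negative' => array( 'demo_page' => '-5' ),
    'array'    => array( 'demo_page' => array( '2' ) ),
    'missing'  => array(),
);

foreach ( $samples as $label => $request ) {
    printf(
        "%-8s unchecked=%d checked=%d\n",
        $label,
        page_from_request_unchecked( $request, 'demo_page' ),
        page_from_request_checked( $request, 'demo_page' )
    );
}
```

Because the guard sits where the request value is read, code that passes `0` directly to the query layer is unaffected, which matches the ticket's aim of leaving core functions and classes untouched.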