[wp-trac] [WordPress Trac] #52252: PHP Notice when `monthnum` query var is set without the `year` QV
WordPress Trac
noreply at wordpress.org
Fri Jan 8 03:21:59 UTC 2021
#52252: PHP Notice when `monthnum` query var is set without the `year` QV
--------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
`E_NOTICE: Undefined index: year in wp-includes/rewrite.php:413` /
`E_NOTICE: Undefined index: day in wp-includes/rewrite.php:413`
It looks like [32648] assumes the permalink structures will always include
both `year` & `monthnum` or `monthnum` & `day`
https://core.trac.wordpress.org/browser/trunk/src/wp-
includes/rewrite.php?marks=400-403#L393
But a request such as `?monthnum=1` will cause it to check for the `year`
query var which might be unset.
(Props to the pentester hitting WordPress.org with many junk requests for
bringing this to light)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52252>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list