[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Fri Nov 11 06:54:28 UTC 2022
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
------------------------------------------+---------------------
 Reporter:  bitcomplex                    |       Owner:  (none)
     Type:  defect (bug)                  |      Status:  new
 Priority:  normal                        |   Milestone:  6.2
Component:  Posts, Post Types             |     Version:  5.6.2
 Severity:  critical                      |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:
------------------------------------------+---------------------
Comment (by cadic):
I've performed a test across various core functions and was able to
reproduce the issue with multiple approaches:
{{{#!php
<?php
require_once ABSPATH . WPINC . '/class-wp-network.php';
require_once ABSPATH . WPINC . '/class-wp-site.php';
$test_array = array(
	'post_title' => 'Post Title',
	'post_type'  => 'page',
	"\0"         => 'Nullbyte',
);
$test_object = (object) $test_array;
/**
 * Each of these results in a Fatal Error:
 * Cannot access property starting with "\0"
 */
sanitize_post( $test_object );
new WP_Comment( $test_object );
new WP_Network( $test_object );
new WP_Post( $test_object );
new WP_Term( $test_object );
map_deep( $test_object, 'absint' );
new WP_Site( $test_object );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
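
One way to guard against this before handing externally supplied data to the functions listed in the comment, shown as an added example that is not part of the original comment or of WordPress core. The helper name `example_strip_nullbyte_props()` is hypothetical and the sample input is constructed.

```php
<?php
/**
 * Hypothetical helper (not part of WordPress core): return a copy of $data
 * as a stdClass with every key that starts with a null byte removed.
 *
 * @param array|object $data Row or object built from untrusted input.
 * @return stdClass
 */
function example_strip_nullbyte_props( $data ) {
	$clean = array();
	// An (array) cast also exposes mangled private/protected names
	// ("\0Class\0prop", "\0*\0prop"); they begin with "\0" and are dropped too.
	foreach ( (array) $data as $key => $value ) {
		$key = (string) $key;
		if ( '' !== $key && "\0" === $key[0] ) {
			continue;
		}
		$clean[ $key ] = $value;
	}
	return (object) $clean;
}

// Constructed sample input, same shape as the test object in the comment.
$untrusted = (object) array(
	'post_title' => 'Post Title',
	'post_type'  => 'page',
	"\0"         => 'Nullbyte',
);

$safe = example_strip_nullbyte_props( $untrusted );

// Same pattern as the get_object_vars() loop in the WP_Post constructor:
// with the "\0" key gone, the dynamic property assignment no longer fails.
$copy = new stdClass();
foreach ( get_object_vars( $safe ) as $key => $value ) {
	$copy->$key = $value;
}
print_r( array_keys( get_object_vars( $copy ) ) );
```

Applying the filter at the boundary where request or import data enters keeps a single malformed key from taking down every code path that later builds a `WP_Post`, `WP_Term` or similar object from it.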