[wp-trac] [WordPress Trac] #60745: WP_Query::parse_query() does not handle invalid query arg values
WordPress Trac
noreply at wordpress.org
Mon Apr 8 00:05:27 UTC 2024
#60745: WP_Query::parse_query() does not handle invalid query arg values
--------------------------------------------+------------------------------
Reporter: xknown | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests php80 | Focuses:
--------------------------------------------+------------------------------
Comment (by peterwilsoncc):
I agree with @jrf that these shouldn't be fixed in `WP_Query`.
For the use cases provided of visitors using the incorrect data type in
URLs, eg `localhost?attachment[]=foobar`, data sanitization should take
place in `WP::parse_request()` before calling `WP_Query`. The former being
a user API, the latter a developer API.
Related #56311.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60745#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list