IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't improperly cast IDs when fetching post, user, or term objects.

Browse Source 
Blindly casting passed IDs to integers can generate false positives
when the ID is cast to `1`.

Props deeptiboddapati.
Fixes #37738.
Built from https://develop.svn.wordpress.org/trunk@38381


git-svn-id: http://core.svn.wordpress.org/trunk@38322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Boone Gorges
2016-08-26 19:09:27 +00:00
parent 11216c7069
commit 0b81d79c86
4 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wp-includes/class-wp-comment.php
View File

@@ -191,11 +191,12 @@ final class WP_Comment {
public static function get_instance( $id ) {
global $wpdb;
$comment_id = (int) $id;
if ( ! $comment_id ) {
if ( ! is_numeric( $id ) || $id != floor( $id ) || ! $id ) {
return false;
}
$comment_id = (int) $id;
$_comment = wp_cache_get( $comment_id, 'comment' );
if ( ! $_comment ) {