From 2ae2b1269a4c01c89d9ce889427f1eec3602875c Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Fri, 6 Oct 2017 23:29:51 +0000 Subject: [PATCH] Rewrite: In `url_to_postid()`, bail early if the URL does not belong to the site. Props ivankristianto, swissspidy, jkhongusc, SergeyBiryukov. Fixes #39373. Built from https://develop.svn.wordpress.org/trunk@41786 git-svn-id: http://core.svn.wordpress.org/trunk@41620 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rewrite.php | 8 ++++++++ wp-includes/version.php | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php index 705e5f2bc8..943d7d0079 100644 --- a/wp-includes/rewrite.php +++ b/wp-includes/rewrite.php @@ -471,6 +471,14 @@ function url_to_postid( $url ) { */ $url = apply_filters( 'url_to_postid', $url ); + $url_host = str_replace( 'www.', '', parse_url( $url, PHP_URL_HOST ) ); + $home_url_host = str_replace( 'www.', '', parse_url( home_url(), PHP_URL_HOST ) ); + + // Bail early if the URL does not belong to this site. + if ( $url_host && $url_host !== $home_url_host ) { + return 0; + } + // First, check to see if there is a 'p=N' or 'page_id=N' to match against if ( preg_match('#[?&](p|page_id|attachment_id)=(\d+)#', $url, $values) ) { $id = absint($values[2]); diff --git a/wp-includes/version.php b/wp-includes/version.php index af6fcf44cf..0d3a799f3c 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9-beta1-41785'; +$wp_version = '4.9-beta1-41786'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.