From 364e63b83b9f730363cdaa32a35a221bd319b2ae Mon Sep 17 00:00:00 2001 From: Jeremy Felt Date: Sun, 11 Oct 2015 23:30:24 +0000 Subject: [PATCH] MS: Reject truthy, non-numeric network ids in `_network_option()`. A valid `$network_id` or `null`/`false` is expected as the first parameter for `_network_option()`. If something other than that is passed, we immediately return `false` rather than attempting to guess what network was intended. See #28290. Built from https://develop.svn.wordpress.org/trunk@35025 git-svn-id: http://core.svn.wordpress.org/trunk@34990 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/option.php | 16 ++++++++++++++++ wp-includes/version.php | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/wp-includes/option.php b/wp-includes/option.php index 5d3e6fe8ef..e0e69aa519 100644 --- a/wp-includes/option.php +++ b/wp-includes/option.php @@ -1069,6 +1069,10 @@ function update_site_option( $option, $value ) { function get_network_option( $network_id, $option, $default = false ) { global $wpdb, $current_site; + if ( $network_id && ! is_numeric( $network_id ) ) { + return false; + } + $network_id = (int) $network_id; // Fallback to the current network if a network ID is not specified. @@ -1182,6 +1186,10 @@ function get_network_option( $network_id, $option, $default = false ) { function add_network_option( $network_id, $option, $value ) { global $wpdb, $current_site; + if ( $network_id && ! is_numeric( $network_id ) ) { + return false; + } + $network_id = (int) $network_id; // Fallback to the current network if a network ID is not specified. @@ -1287,6 +1295,10 @@ function add_network_option( $network_id, $option, $value ) { function delete_network_option( $network_id, $option ) { global $wpdb, $current_site; + if ( $network_id && ! is_numeric( $network_id ) ) { + return false; + } + $network_id = (int) $network_id; // Fallback to the current network if a network ID is not specified. @@ -1366,6 +1378,10 @@ function delete_network_option( $network_id, $option ) { function update_network_option( $network_id, $option, $value ) { global $wpdb, $current_site; + if ( $network_id && ! is_numeric( $network_id ) ) { + return false; + } + $network_id = (int) $network_id; // Fallback to the current network if a network ID is not specified. diff --git a/wp-includes/version.php b/wp-includes/version.php index 05172f5700..a66bdf06bd 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-35024'; +$wp_version = '4.4-alpha-35025'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.