Skip to content

Add type checking for query vars in WP_Query::get_queried_object() #10792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
westonruter wants to merge 3 commits into
base: trunk
Choose a base branch
from
+22 −10
Draft

Add type checking for query vars in WP_Query::get_queried_object() #10792

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ea38440
https://core.trac.wordpress.org/attachment/ticket/64507/author_name_s…
westonruter Jan 23, 2026
1802279
Refine author_name logic
westonruter Jan 24, 2026
40069cb
Add type checking for other query vars in get_queried_object() and ad…
westonruter Jan 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 22 additions & 10 deletions src/wp-includes/class-wp-query.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2414,7 +2414,7 @@ public function get_posts() {

// Author stuff for nice URLs.

if ( '' !== $query_vars['author_name'] ) {
if ( $this->is_non_empty_string( $query_vars['author_name'] ) ) {
if ( str_contains( $query_vars['author_name'], '/' ) ) {
$query_vars['author_name'] = explode( '/', $query_vars['author_name'] );
if ( $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ] ) {
Expand Down Expand Up @@ -3978,18 +3978,18 @@ public function get_queried_object() {
$cat = $this->get( 'cat' );
$category_name = $this->get( 'category_name' );

if ( $cat ) {
if ( $this->is_non_empty_string( $cat ) ) {
$term = get_term( $cat, 'category' );
} elseif ( $category_name ) {
} elseif ( $this->is_non_empty_string( $category_name ) ) {
$term = get_term_by( 'slug', $category_name, 'category' );
}
} elseif ( $this->is_tag ) {
$tag_id = $this->get( 'tag_id' );
$tag = $this->get( 'tag' );

if ( $tag_id ) {
if ( $this->is_non_empty_string( $tag_id ) ) {
$term = get_term( $tag_id, 'post_tag' );
} elseif ( $tag ) {
} elseif ( $this->is_non_empty_string( $tag ) ) {
$term = get_term_by( 'slug', $tag, 'post_tag' );
}
} else {
Expand Down Expand Up @@ -4021,7 +4021,7 @@ public function get_queried_object() {
$post_type = $this->get( 'post_type' );

if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
$post_type = array_first( $post_type );
}

$this->queried_object = get_post_type_object( $post_type );
Expand All @@ -4034,12 +4034,12 @@ public function get_queried_object() {
$this->queried_object = $this->post;
$this->queried_object_id = (int) $this->post->ID;
} elseif ( $this->is_author ) {
$author = (int) $this->get( 'author' );
$author = $this->get( 'author' );
$author_name = $this->get( 'author_name' );

if ( $author ) {
$this->queried_object_id = $author;
} elseif ( $author_name ) {
if ( $this->is_non_empty_string( $author ) ) {
$this->queried_object_id = (int) $author;
} elseif ( $this->is_non_empty_string( $author_name ) ) {
$user = get_user_by( 'slug', $author_name );

if ( $user ) {
Expand All @@ -4053,6 +4053,18 @@ public function get_queried_object() {
return $this->queried_object;
}

/**
* Determines whether the provided value is a non-empty string.
*
* @since n.e.x.t
*
* @param mixed $value Value.
* @return bool
*/
private function is_non_empty_string( $value ): bool {
return is_string( $value ) && '' !== $value;
Copy link
Member

@mukeshpanchal27 mukeshpanchal27 Jan 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shell we check '' !== $value first?

Copy link
Member Author

@westonruter westonruter Jan 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

Copy link
Member

@mukeshpanchal27 mukeshpanchal27 Jan 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to validate the value first, the current implementation is defensive and quick, but do we expect to receive any numeric values here?

Copy link
Member Author

@westonruter westonruter Jan 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Possibly. But I don't understand either way how changing the order of the conditions would be better or worse.

Copy link
Member Author

@westonruter westonruter Jan 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me, it seems like narrowing the scope to a string first and then checking to see if it looks like a certain string makes more sense.

Copy link
Member

@mukeshpanchal27 mukeshpanchal27 Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the details. Make sense.

}

/**
* Retrieves the ID of the currently queried object.
*
Expand Down
Loading