Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
Currently we have the following typecasting in the WP_Query class (see here): $q[‘posts_per_page’] = (int) $q[‘posts_per_page’]; if ( $q[‘posts_per_page’] < -1 ) $q[‘posts_per_page’] = abs($q[‘posts_per_page’]); elseif ( $q[‘posts_per_page’] == 0 ) $q[‘posts_per_page’] = 1; and here: if ( isset($q[‘page’]) ) { $q[‘page’] = trim($q[‘page’], “https://wordpress.stackexchange.com/”); $q[‘page’] = absint($q[‘page’]); } Instead of running the query for … Read more