Skip to content
Permalink
Browse files

Query: Remove the static query property.

Prevent unauthenticated views of publicly queryables content types.

Props aaroncampbell, whyisjake, nickdaugherty, xknown.


git-svn-id: https://develop.svn.wordpress.org/branches/5.2@46479 602fd350-edb4-49c9-b593-d223f7449a82
  • Loading branch information
whyisjake committed Oct 14, 2019
1 parent 6245a65 commit 836b9c0a5b77cc46457dc120966b55350584a374
Showing with 2 additions and 4 deletions.
  1. +1 −2 src/wp-includes/class-wp-query.php
  2. +1 −1 src/wp-includes/class-wp.php
  3. +0 −1 tests/phpunit/tests/query/vars.php
@@ -538,7 +538,6 @@ public function fill_query_vars( $array ) {
'attachment',
'attachment_id',
'name',
'static',
'pagename',
'page_id',
'second',
@@ -802,7 +801,7 @@ public function parse_query( $query = '' ) {
// If year, month, day, hour, minute, and second are set, a single
// post is being queried.
$this->is_single = true;
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
} elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
$this->is_page = true;
$this->is_single = false;
} else {
@@ -14,7 +14,7 @@ class WP {
* @since 2.0.0
* @var string[]
*/
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/**
* Private query variables.
@@ -51,7 +51,6 @@ public function testPublicQueryVarsAreAsExpected() {
'tag',
'feed',
'author_name',
'static',
'pagename',
'page_id',
'error',

0 comments on commit 836b9c0

Please sign in to comment.
You can’t perform that action at this time.