Add defensive coding in posts per page sniff #2392

Merged
merged 1 commit into from
Sep 18, 2023

dingo-d
Member

@dingo-d dingo-d commented Sep 17, 2023

This will prevent the undefined offset internal error.

Closes #2390

@dingo-d dingo-d added this to the 3.x Next milestone Sep 17, 2023
@dingo-d dingo-d self-assigned this Sep 17, 2023
@dingo-d dingo-d changed the title Add a defensive coding in posts per page sniff Add defensive coding in posts per page sniff Sep 17, 2023
Member

@jrfnl jrfnl left a comment

@dingo-d Thanks for trying to take this one on.

Unfortunately, this is not the correct fix.

Think of it this way: if the $val is an empty string, will a numeric comparison ever have any value? No, it won't.

So instead, this sniff needs to do a check of $stripped_val against an empty string, straight after the quotes have been stripped and the function should bow out and return false in that case.

The patch also needs a few tests to cover the change - the test from the report + a test with an empty string passed to posts_per_page when set as an array.

Probably also a good thing to add a similar test to the DB/SlowQuery sniff, which doesn't have the same issue due to the difference in code for callback, but still.

$query = 'foo=bar&meta_key=&meta_value=bar';
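
The guard described in the review above, as an added PHP example that is not part of the original thread or the WPCS code base. The function names, the limit of 100, the sample inputs and the simplified quote stripping are all assumptions made for illustration.

```php
<?php
// Added example: every name here is hypothetical, not the sniff's own code.

/** Remove one pair of matching surrounding quotes, as found on string tokens. */
function strip_quotes_from_token( string $text ): string {
    return (string) preg_replace( '`^([\'"])(.*)\1$`s', '$2', $text );
}

/** Decide whether a posts_per_page value should be flagged as too high. */
function is_high_pagination( string $val, int $limit = 100 ): bool {
    $stripped_val = strip_quotes_from_token( trim( $val ) );

    // Bow out straight after stripping: an empty value has nothing to
    // compare, and reading $stripped_val[0] below would be an undefined offset.
    if ( '' === $stripped_val ) {
        return false;
    }

    // A leading sign is allowed; everything after it must be digits.
    $first  = $stripped_val[0];
    $digits = ( '+' === $first || '-' === $first )
        ? (string) substr( $stripped_val, 1 )
        : $stripped_val;
    if ( ! ctype_digit( $digits ) ) {
        return false;
    }

    return (int) $stripped_val > $limit;
}

/** Run the check over every posts_per_page value in a query-string argument. */
function flagged_in_query_string( string $query ): bool {
    foreach ( explode( '&', $query ) as $pair ) {
        $parts = explode( '=', $pair, 2 );
        if ( 'posts_per_page' === $parts[0] && is_high_pagination( $parts[1] ?? '' ) ) {
            return true;
        }
    }
    return false;
}

// Constructed inputs: array-style token text (quotes included) and query strings.
var_dump( is_high_pagination( "''" ) );      // empty string set in an array
var_dump( is_high_pagination( "'500'" ) );   // numeric text above the limit
var_dump( flagged_in_query_string( 'posts_per_page=&orderby=date' ) );
var_dump( flagged_in_query_string( 'posts_per_page=999&orderby=date' ) );
```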

@dingo-d dingo-d force-pushed the hotfix/2390-internal-error branch from 38f2834 to b2d41a3 Compare September 18, 2023 09:25
@dingo-d
Member Author

dingo-d commented Sep 18, 2023

Fixed the PR according to the comments, much appreciated, should have taken a better look into the sniff.

For the DB/SlowQuery sniff I'll check this in a separate PR 👍🏼

@jrfnl
Member

jrfnl commented Sep 18, 2023

> For the DB/SlowQuery sniff I'll check this in a separate PR

The SlowQuery sniff only needs the test I provided. The callback doesn't contain logic, so is not susceptible to the same issue. The test would only safeguard that if logic would be added at some point, we won't forget to guard against this edge case.

Member

@jrfnl jrfnl left a comment

LGTM ✅

Note: of the tests, only the tests on line 128 and 134 would trigger the notice previously. All the same, the additional tests do test the extra added logic, so 👍🏻 .

Would be nice to see the extra test for SlowQuery added as well, but happy to ship this as is.

@jrfnl
Member

jrfnl commented Sep 18, 2023

@dingo-d P.S.: feel free to squash the commits.

@dingo-d
Member Author

dingo-d commented Sep 18, 2023

> @dingo-d P.S.: feel free to squash the commits.

Do you want me to squash all into one, or separate the test ones from the sniff changes ones?

Member

@jrfnl jrfnl left a comment

> Do you want me to squash all into one, or separate the test ones from the sniff changes ones?

No, this should be one commit. The tests belong with the functional change, so should be included in the same commit (makes life a lot easier when checking history).

WordPress/Sniffs/DB/SlowDBQuerySniff.php Outdated Show resolved Hide resolved
@dingo-d dingo-d force-pushed the hotfix/2390-internal-error branch from 535652b to f9c2e8f Compare September 18, 2023 11:24
@dingo-d dingo-d requested a review from jrfnl September 18, 2023 13:03
The posts per page sniff should bail out early if empty string is passed as a value.

The tests were added for both posts per page sniff and slow db query sniff,
to check if empty string is passed as a value.
In the case of SlowDBQuery the sniff should flag cases where there is and isn't a value passed,
as that sniff will always flag whenever meta_key and meta_value are used in a query.
@dingo-d dingo-d force-pushed the hotfix/2390-internal-error branch from f9c2e8f to 25033a6 Compare September 18, 2023 13:04
Member

@GaryJones GaryJones left a comment

@jrfnl jrfnl merged commit 54ad2d7 into develop Sep 18, 2023
@jrfnl jrfnl deleted the hotfix/2390-internal-error branch September 18, 2023 19:31
@jrfnl jrfnl modified the milestones: 3.x Next, 3.1.0 Dec 3, 2023
Successfully merging this pull request may close these issues.

Internal error in WordPress/Sniffs/WP/PostsPerPageSniff.php
3 participants