Permalinks: Ignore malformed post type query arrays

dhrupo · dhrupo · commit c4a600480786 · 2026-04-27T14:56:38.000+06:00
diff --git a/src/wp-includes/class-wp.php b/src/wp-includes/class-wp.php
@@ -382,7 +382,10 @@ public function parse_request( $extra_query_vars = '' ) {
 					unset( $this->query_vars['post_type'] );
 				}
 			} else {
-				$this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types );
+				$this->query_vars['post_type'] = array_intersect(
+					array_filter( $this->query_vars['post_type'], 'is_scalar' ),
+					$queryable_post_types
+				);
 			}
 		}
 
diff --git a/tests/phpunit/tests/wp/parseRequest.php b/tests/phpunit/tests/wp/parseRequest.php
@@ -56,4 +56,70 @@ static function ( $url ) {
 		$this->wp->parse_request();
 		$this->assertSame( '', $this->wp->request );
 	}
+
+	/**
+	 * @ticket 65123
+	 */
+	public function test_parse_request_ignores_non_scalar_post_type_values_from_get() {
+		$original_get     = $_GET;
+		$original_post    = $_POST;
+		$original_request = $_SERVER['REQUEST_URI'] ?? null;
+		$original_self    = $_SERVER['PHP_SELF'] ?? null;
+
+		$_GET['post_type']      = array( array( 'page' ), 'post' );
+		$_SERVER['REQUEST_URI'] = '/?post_type[][]=page&post_type[]=post';
+		$_SERVER['PHP_SELF']    = '/index.php';
+
+		$this->wp->parse_request();
+
+		$this->assertSame( array( 'post' ), array_values( $this->wp->query_vars['post_type'] ) );
+
+		$_GET  = $original_get;
+		$_POST = $original_post;
+
+		if ( null === $original_request ) {
+			unset( $_SERVER['REQUEST_URI'] );
+		} else {
+			$_SERVER['REQUEST_URI'] = $original_request;
+		}
+
+		if ( null === $original_self ) {
+			unset( $_SERVER['PHP_SELF'] );
+		} else {
+			$_SERVER['PHP_SELF'] = $original_self;
+		}
+	}
+
+	/**
+	 * @ticket 65123
+	 */
+	public function test_parse_request_ignores_non_scalar_post_type_values_from_post() {
+		$original_get     = $_GET;
+		$original_post    = $_POST;
+		$original_request = $_SERVER['REQUEST_URI'] ?? null;
+		$original_self    = $_SERVER['PHP_SELF'] ?? null;
+
+		$_POST['post_type']     = array( array( 'page' ), 'post' );
+		$_SERVER['REQUEST_URI'] = '/';
+		$_SERVER['PHP_SELF']    = '/index.php';
+
+		$this->wp->parse_request();
+
+		$this->assertSame( array( 'post' ), array_values( $this->wp->query_vars['post_type'] ) );
+
+		$_GET  = $original_get;
+		$_POST = $original_post;
+
+		if ( null === $original_request ) {
+			unset( $_SERVER['REQUEST_URI'] );
+		} else {
+			$_SERVER['REQUEST_URI'] = $original_request;
+		}
+
+		if ( null === $original_self ) {
+			unset( $_SERVER['PHP_SELF'] );
+		} else {
+			$_SERVER['PHP_SELF'] = $original_self;
+		}
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -382,7 +382,10 @@ public function parse_request( $extra_query_vars = '' ) {`
`382`	`382`	`unset( $this->query_vars['post_type'] );`
`383`	`383`	`}`
`384`	`384`	`} else {`
`385`		`- $this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types );`
	`385`	`+ $this->query_vars['post_type'] = array_intersect(`
	`386`	`+ array_filter( $this->query_vars['post_type'], 'is_scalar' ),`
	`387`	`+ $queryable_post_types`
	`388`	`+ );`
`386`	`389`	`}`
`387`	`390`	`}`
`388`	`391`