From ae6a847aacd2f0e256b4b3cc2d64f35bb66a49dc Mon Sep 17 00:00:00 2001 From: Anand Rajaram Date: Wed, 19 Nov 2025 21:46:31 +0530 Subject: [PATCH 1/4] refactor: replace direct SQL with WP_Query in redirect_guess_404_permalink() --- src/wp-includes/canonical.php | 59 ++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 11 deletions(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 9315ba7fb7ff9..4f6c3843b8dc2 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -972,10 +972,35 @@ function redirect_guess_404_permalink() { */ $strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false ); + // Build WP_Query arguments. + $query_args = array( + 'post_status' => $publicly_viewable_statuses, + 'posts_per_page' => 1, + 'no_found_rows' => true, + 'ignore_sticky_posts' => true, + 'fields' => 'ids', + ); + + // Handle strict vs. loose post_name matching. if ( $strict_guess ) { - $where = $wpdb->prepare( 'post_name = %s', get_query_var( 'name' ) ); + $query_args['name'] = get_query_var( 'name' ); } else { - $where = $wpdb->prepare( 'post_name LIKE %s', $wpdb->esc_like( get_query_var( 'name' ) ) . '%' ); + // For loose matching (LIKE), we'll use a posts_where filter. + $post_name_for_filter = get_query_var( 'name' ); + + // Store the filter callback so we can remove it later. + $post_name_where_filter = function ( $where, $query ) use ( $post_name_for_filter, $wpdb ) { + // Only apply to our specific query. + if ( isset( $query->query_vars['redirect_guess_404'] ) && $query->query_vars['redirect_guess_404'] ) { + $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_name LIKE %s", $wpdb->esc_like( $post_name_for_filter ) . '%' ); + } + return $where; + }; + + add_filter( 'posts_where', $post_name_where_filter, 10, 2 ); + + // Mark this query so our filter knows to apply the LIKE clause. + $query_args['redirect_guess_404'] = true; } // If any of post_type, year, monthnum, or day are set, use them to refine the query. @@ -985,34 +1010,46 @@ function redirect_guess_404_permalink() { if ( empty( $post_types ) ) { return false; } - $where .= " AND post_type IN ('" . join( "', '", esc_sql( get_query_var( 'post_type' ) ) ) . "')"; + $query_args['post_type'] = $post_types; } else { if ( ! in_array( get_query_var( 'post_type' ), $publicly_viewable_post_types, true ) ) { return false; } - $where .= $wpdb->prepare( ' AND post_type = %s', get_query_var( 'post_type' ) ); + $query_args['post_type'] = get_query_var( 'post_type' ); } } else { - $where .= " AND post_type IN ('" . implode( "', '", esc_sql( $publicly_viewable_post_types ) ) . "')"; + $query_args['post_type'] = $publicly_viewable_post_types; } + // Handle date queries. + $date_query = array(); if ( get_query_var( 'year' ) ) { - $where .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) ); + $date_query['year'] = get_query_var( 'year' ); } if ( get_query_var( 'monthnum' ) ) { - $where .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) ); + $date_query['month'] = get_query_var( 'monthnum' ); } if ( get_query_var( 'day' ) ) { - $where .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) ); + $date_query['day'] = get_query_var( 'day' ); } + if ( ! empty( $date_query ) ) { + $query_args['date_query'] = array( $date_query ); + } + + // Execute the query. + $query = new WP_Query( $query_args ); - // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $post_id = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE $where AND post_status IN ('" . implode( "', '", esc_sql( $publicly_viewable_statuses ) ) . "')" ); + // Clean up the filter if we added it (remove only our specific callback). + if ( ! $strict_guess && isset( $post_name_where_filter ) ) { + remove_filter( 'posts_where', $post_name_where_filter, 10 ); + } - if ( ! $post_id ) { + if ( empty( $query->posts ) ) { return false; } + $post_id = $query->posts[0]; + if ( get_query_var( 'feed' ) ) { return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); } elseif ( get_query_var( 'page' ) > 1 ) { From ce90699085a5573338fcbcc338ef688426b1ee97 Mon Sep 17 00:00:00 2001 From: Anand Rajaram Date: Thu, 20 Nov 2025 14:40:43 +0530 Subject: [PATCH 2/4] perf: optimize wp query and remove superfluous comments --- src/wp-includes/canonical.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 4f6c3843b8dc2..69232861bd904 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -972,13 +972,14 @@ function redirect_guess_404_permalink() { */ $strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false ); - // Build WP_Query arguments. $query_args = array( - 'post_status' => $publicly_viewable_statuses, - 'posts_per_page' => 1, - 'no_found_rows' => true, - 'ignore_sticky_posts' => true, - 'fields' => 'ids', + 'post_status' => $publicly_viewable_statuses, + 'posts_per_page' => 1, + 'no_found_rows' => true, + 'ignore_sticky_posts' => true, + 'update_post_meta_cache' => false, + 'update_post_term_cache' => false, + 'fields' => 'ids', ); // Handle strict vs. loose post_name matching. @@ -991,7 +992,7 @@ function redirect_guess_404_permalink() { // Store the filter callback so we can remove it later. $post_name_where_filter = function ( $where, $query ) use ( $post_name_for_filter, $wpdb ) { // Only apply to our specific query. - if ( isset( $query->query_vars['redirect_guess_404'] ) && $query->query_vars['redirect_guess_404'] ) { + if ( isset( $query->query_vars['redirect_guess_404'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_name LIKE %s", $wpdb->esc_like( $post_name_for_filter ) . '%' ); } return $where; @@ -1036,7 +1037,6 @@ function redirect_guess_404_permalink() { $query_args['date_query'] = array( $date_query ); } - // Execute the query. $query = new WP_Query( $query_args ); // Clean up the filter if we added it (remove only our specific callback). From 9b52804033ee0a8f1c907d2cc5b98dbdc3dd1545 Mon Sep 17 00:00:00 2001 From: Anand Rajaram Date: Fri, 21 Nov 2025 13:24:01 +0530 Subject: [PATCH 3/4] chore: change filter function to a static function --- src/wp-includes/canonical.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 69232861bd904..865e1d15cece9 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -990,7 +990,7 @@ function redirect_guess_404_permalink() { $post_name_for_filter = get_query_var( 'name' ); // Store the filter callback so we can remove it later. - $post_name_where_filter = function ( $where, $query ) use ( $post_name_for_filter, $wpdb ) { + $post_name_where_filter = static function ( $where, $query ) use ( $post_name_for_filter, $wpdb ) { // Only apply to our specific query. if ( isset( $query->query_vars['redirect_guess_404'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_name LIKE %s", $wpdb->esc_like( $post_name_for_filter ) . '%' ); From 3da7e8902b9d7db41cfa2f05feae65fd4f57d795 Mon Sep 17 00:00:00 2001 From: Anand Rajaram Date: Wed, 14 Jan 2026 22:13:07 +0530 Subject: [PATCH 4/4] feat: update approach to use wp-query instead of manual searching --- src/wp-includes/canonical.php | 29 +++------------------ src/wp-includes/class-wp-query.php | 24 +++++++++++------ tests/phpunit/tests/query/searchColumns.php | 4 +-- 3 files changed, 22 insertions(+), 35 deletions(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 865e1d15cece9..424b3becc0db1 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -919,12 +919,9 @@ function strip_fragment_from_url( $url ) { * * @since 2.3.0 * - * @global wpdb $wpdb WordPress database abstraction object. - * * @return string|false The correct URL if one is found. False on failure. */ function redirect_guess_404_permalink() { - global $wpdb; /** * Filters whether to attempt to guess a redirect URL for a 404 request. @@ -980,28 +977,15 @@ function redirect_guess_404_permalink() { 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'fields' => 'ids', + 'orderby' => 'none', ); - // Handle strict vs. loose post_name matching. if ( $strict_guess ) { $query_args['name'] = get_query_var( 'name' ); } else { - // For loose matching (LIKE), we'll use a posts_where filter. - $post_name_for_filter = get_query_var( 'name' ); - - // Store the filter callback so we can remove it later. - $post_name_where_filter = static function ( $where, $query ) use ( $post_name_for_filter, $wpdb ) { - // Only apply to our specific query. - if ( isset( $query->query_vars['redirect_guess_404'] ) ) { - $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_name LIKE %s", $wpdb->esc_like( $post_name_for_filter ) . '%' ); - } - return $where; - }; - - add_filter( 'posts_where', $post_name_where_filter, 10, 2 ); - - // Mark this query so our filter knows to apply the LIKE clause. - $query_args['redirect_guess_404'] = true; + $query_args['s'] = get_query_var( 'name' ); + $query_args['search_columns'] = array( 'post_name' ); + $query_args['starts_with'] = true; } // If any of post_type, year, monthnum, or day are set, use them to refine the query. @@ -1039,11 +1023,6 @@ function redirect_guess_404_permalink() { $query = new WP_Query( $query_args ); - // Clean up the filter if we added it (remove only our specific callback). - if ( ! $strict_guess && isset( $post_name_where_filter ) ) { - remove_filter( 'posts_where', $post_name_where_filter, 10 ); - } - if ( empty( $query->posts ) ) { return false; } diff --git a/src/wp-includes/class-wp-query.php b/src/wp-includes/class-wp-query.php index 8edcf80b54400..03c2991be0420 100644 --- a/src/wp-includes/class-wp-query.php +++ b/src/wp-includes/class-wp-query.php @@ -660,6 +660,7 @@ public function fill_query_vars( $query_vars ) { * @since 5.3.0 Introduced the `$meta_type_key` parameter. * @since 6.1.0 Introduced the `$update_menu_item_cache` parameter. * @since 6.2.0 Introduced the `$search_columns` parameter. + * @since 7.0.0 Introduced the `$starts_with` parameter. * * @param string|array $query { * Optional. Array or string of Query parameters. @@ -686,6 +687,7 @@ public function fill_query_vars( $query_vars ) { * See WP_Date_Query::__construct(). * @type int $day Day of the month. Default empty. Accepts numbers 1-31. * @type bool $exact Whether to search by exact keyword. Default false. + * @type bool $starts_with Whether to search starts with keyword. Default false. * @type string $fields Post fields to query for. Accepts: * - '' Returns an array of complete post objects (`WP_Post[]`). * - 'ids' Returns an array of post IDs (`int[]`). @@ -774,7 +776,7 @@ public function fill_query_vars( $query_vars ) { * character used for exclusion can be modified using the * the 'wp_query_search_exclusion_prefix' filter. * @type string[] $search_columns Array of column names to be searched. Accepts 'post_title', - * 'post_excerpt' and 'post_content'. Default empty array. + * 'post_excerpt', 'post_content' and 'post_name'. Default empty array. * @type int $second Second of the minute. Default empty. Accepts numbers 0-59. * @type bool $sentence Whether to search by phrase. Default false. * @type bool $suppress_filters Whether to suppress filters. Default false. @@ -1448,11 +1450,19 @@ protected function parse_search( &$query_vars ) { } } - $n = ! empty( $query_vars['exact'] ) ? '' : '%'; + $start = '%'; + $end = '%'; + if ( ! empty( $query_vars['exact'] ) ) { + $start = ''; + $end = ''; + } elseif ( ! empty( $query_vars['starts_with'] ) ) { + $start = ''; + } + $searchand = ''; $query_vars['search_orderby_title'] = array(); - $default_search_columns = array( 'post_title', 'post_excerpt', 'post_content' ); + $default_search_columns = array( 'post_title', 'post_excerpt', 'post_content', 'post_name' ); $search_columns = ! empty( $query_vars['search_columns'] ) ? $query_vars['search_columns'] : $default_search_columns; if ( ! is_array( $search_columns ) ) { $search_columns = array( $search_columns ); @@ -1461,7 +1471,7 @@ protected function parse_search( &$query_vars ) { /** * Filters the columns to search in a WP_Query search. * - * The supported columns are `post_title`, `post_excerpt` and `post_content`. + * The supported columns are `post_title`, `post_excerpt`, `post_content` and `post_name`. * They are all included by default. * * @since 6.2.0 @@ -1500,13 +1510,11 @@ protected function parse_search( &$query_vars ) { $andor_op = 'OR'; } - if ( $n && ! $exclude ) { - $like = '%' . $wpdb->esc_like( $term ) . '%'; + $like = $start . $wpdb->esc_like( $term ) . $end; + if ( $end && ! $exclude ) { $query_vars['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like ); } - $like = $n . $wpdb->esc_like( $term ) . $n; - $search_columns_parts = array(); foreach ( $search_columns as $search_column ) { $search_columns_parts[ $search_column ] = $wpdb->prepare( "({$wpdb->posts}.$search_column $like_op %s)", $like ); diff --git a/tests/phpunit/tests/query/searchColumns.php b/tests/phpunit/tests/query/searchColumns.php index 9ef30c2113920..1f682822ec6a7 100644 --- a/tests/phpunit/tests/query/searchColumns.php +++ b/tests/phpunit/tests/query/searchColumns.php @@ -363,7 +363,7 @@ public function test_search_columns_should_not_be_filterable_with_non_supported_ ) ); - $this->assertStringNotContainsString( 'post_name', $q->request, "SQL request shouldn't contain post_name string." ); + $this->assertStringNotContainsString( 'post_slug', $q->request, "SQL request shouldn't contain post_name string." ); $this->assertSameSets( array( self::$pid1, self::$pid2, self::$pid3 ), $q->posts, 'Query results should be equal to the set.' ); } @@ -376,7 +376,7 @@ public function test_search_columns_should_not_be_filterable_with_non_supported_ * @return string[] $search_columns Array of column names to be searched. */ public function post_non_supported_search_column( $search_columns, $search, $wp_query ) { - $search_columns = array( 'post_name' ); + $search_columns = array( 'post_slug' ); return $search_columns; }