Bad Requests: Avoid PHP Warnings & Fatals from invalid input in year, monthnum and day fields.

This includes:
 - `E_WARNING: Array to string conversion in wp-includes/post.php:6072`
 - `Uncaught TypeError: urldecode(): Argument #1 ($string) must be of type string, array given in wp-includes/post.php:6083`

See https://core.trac.wordpress.org/ticket/62828


git-svn-id: https://meta.svn.wordpress.org/sites/trunk@14416 74240141-8908-4e6f-9713-ba540dce6ec7

Author: dd32

wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php

@@ -40,6 +40,29 @@
 	check_for_invalid_query_vars( $wp->query_vars, '$public_query_vars' );
 }, 0 );
 
+/**
+ * Detect invalid query parameters being passed in Core query fields, before the 'request' action.
+ * Generally causing warnings & fatals in `wp_resolve_numeric_slug_conflicts()`.
+ */
+add_filter( 'do_parse_request', function( $process ) {
+	if ( $process ) {
+		// See https://github.com/WordPress/wordpress-develop/blob/50fb4086b7afbfa012c5d1f2eeff79b1bae3b00e/src/wp-includes/rewrite.php#L400-L407
+		$wp_resolve_numeric_slug_conflict_fields = [
+			'year',
+			'monthnum',
+			'day'
+		];
+
+		foreach ( $wp_resolve_numeric_slug_conflict_fields as $field ) {
+			if ( isset( $_REQUEST[ $field ] ) && ! is_scalar( $_REQUEST[ $field ] ) ) {
+				die_bad_request( "non-scalar $field in do_parse_request" );
+			}
+		}
+	}
+
+	return $process;
+}, 1001 );
+
 /**
  * Check a set of internal query variables against the WordPress WP_Query values to detect invalid input.
  */