From 8d0bdaa0f2b46251fc36ca488a4a164a0f46f210 Mon Sep 17 00:00:00 2001
From: jrfnl <jrfnl@users.noreply.github.com>
Date: Wed, 24 Aug 2022 19:38:24 +0200
Subject: [PATCH] path_is_absolute(): use strict comparisons
Both of these can (and should) be changed to strict comparisons.
* `strlen()` will only ever return an integer, so can safely use a strict comparison.
* `realpath()` will return a `string|false`, which means the loose condition currently in place is dangerous as `false` would be regarded as "equal" to an empty string `$path`, which is wrong.
---
src/wp-includes/functions.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 16462b07dc..5da48da1f4 100644
|
a
|
b
|
function path_is_absolute( $path ) { |
| 2101 | 2101 | * This is definitive if true but fails if $path does not exist or contains |
| 2102 | 2102 | * a symbolic link. |
| 2103 | 2103 | */ |
| 2104 | | if ( realpath( $path ) == |
| | 2104 | if ( realpath( $path ) === $path ) { |
| 2105 | 2105 | return true; |
| 2106 | 2106 | } |
| 2107 | 2107 | |
| 2108 | | if ( strlen( $path ) == |
| | 2108 | if ( strlen( $path ) === 0 || '.' === $path[0] ) { |
| 2109 | 2109 | return false; |
| 2110 | 2110 | } |
| 2111 | 2111 | |