Make WordPress Core

Changeset 28542


Ignore:
Timestamp:
05/22/2014 06:33:34 PM (11 years ago)
Author:
wonderboymusic
Message:

Because PHP can be configured without --filter, it is not 100% safe to use filter_var(). This is problematic for casting "false" to false, as PHP always casts it to true. FILTER_VALIDATE_BOOLEAN fixes this, but it may not be available.

Add a new function, wp_validate_boolean(), to replace filter_var( $var, FILTER_VALIDATE_BOOLEAN ).

Fixes #28170.

Location:
trunk/src/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r28426 r28542  
    44464446    mbstring_binary_safe_encoding( true );
    44474447}
     4448
     4449/**
     4450 * Alternative to filter_var( $var, FILTER_VALIDATE_BOOLEAN )
     4451 *
     4452 * @since 4.0.0
     4453 *
     4454 * @param mixed $var
     4455 * @return boolean
     4456 */
     4457function wp_validate_boolean( $var ) {
     4458    if ( is_bool( $var ) ) {
     4459        return $var;
     4460    }
     4461
     4462    if ( 'false' === $var ) {
     4463        return false;
     4464    }
     4465
     4466    return (bool) $var;
     4467}
  • trunk/src/wp-includes/media.php

    r28414 r28542  
    12731273        'type' => $atts['type'],
    12741274        // don't pass strings to JSON, will be truthy in JS
    1275         'tracklist' => filter_var( $atts['tracklist'], FILTER_VALIDATE_BOOLEAN ),
    1276         'tracknumbers' => filter_var( $atts['tracknumbers'], FILTER_VALIDATE_BOOLEAN ),
    1277         'images' => filter_var( $atts['images'], FILTER_VALIDATE_BOOLEAN ),
    1278         'artists' => filter_var( $atts['artists'], FILTER_VALIDATE_BOOLEAN ),
     1275        'tracklist' => wp_validate_boolean( $atts['tracklist'] ),
     1276        'tracknumbers' => wp_validate_boolean( $atts['tracknumbers'] ),
     1277        'images' => wp_validate_boolean( $atts['images'] ),
     1278        'artists' => wp_validate_boolean( $atts['artists'] ),
    12791279    );
    12801280
Note: See TracChangeset for help on using the changeset viewer.