WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/22/2014 06:33:34 PM (7 years ago)
Author:
wonderboymusic
Message:

Because PHP can be configured without --filter, it is not 100% safe to use filter_var(). This is problematic for casting "false" to false, as PHP always casts it to true. FILTER_VALIDATE_BOOLEAN fixes this, but it may not be available.

Add a new function, wp_validate_boolean(), to replace filter_var( $var, FILTER_VALIDATE_BOOLEAN ).

Fixes #28170.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/media.php

    r28414 r28542  
    12731273        'type' => $atts['type'],
    12741274        // don't pass strings to JSON, will be truthy in JS
    1275         'tracklist' => filter_var( $atts['tracklist'], FILTER_VALIDATE_BOOLEAN ),
    1276         'tracknumbers' => filter_var( $atts['tracknumbers'], FILTER_VALIDATE_BOOLEAN ),
    1277         'images' => filter_var( $atts['images'], FILTER_VALIDATE_BOOLEAN ),
    1278         'artists' => filter_var( $atts['artists'], FILTER_VALIDATE_BOOLEAN ),
     1275        'tracklist' => wp_validate_boolean( $atts['tracklist'] ),
     1276        'tracknumbers' => wp_validate_boolean( $atts['tracknumbers'] ),
     1277        'images' => wp_validate_boolean( $atts['images'] ),
     1278        'artists' => wp_validate_boolean( $atts['artists'] ),
    12791279    );
    12801280
Note: See TracChangeset for help on using the changeset viewer.