Make WordPress Core


Timestamp:
01/10/2019 09:05:50 PM (6 years ago)
Author:
flixos90
Message:

General: Fix problematic string to array parsing.

WordPress has historically often used code like preg_split( '/[\s,]+/', $var ) to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.

This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.

Props david.binda, sstoqnov.
Fixes #43977.

File:
1 edited

  • trunk/src/wp-includes/bookmark.php

    r42343 r44546  
    172172        $r['category']      = '';
    173173        $r['category_name'] = '';
    174         $inclinks           = preg_split( '/[\s,]+/', $r['include'] );
     174        $inclinks           = wp_parse_id_list( $r['include'] );
    175175        if ( count( $inclinks ) ) {
    176176            foreach ( $inclinks as $inclink ) {
    177177                if ( empty( $inclusions ) ) {
    178                     $inclusions = ' AND ( link_id = ' . intval( $inclink ) . ' ';
     178                    $inclusions = ' AND ( link_id = ' . $inclink . ' ';
    179179                } else {
    180                     $inclusions .= ' OR link_id = ' . intval( $inclink ) . ' ';
     180                    $inclusions .= ' OR link_id = ' . $inclink . ' ';
    181181                }
    182182            }
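Review bot: At new lines 178 and 180 the intval() cast is removed from the point where $inclink is concatenated into the SQL string, so the only thing keeping these values numeric is wp_parse_id_list() at line 174, whose body is not part of this changeset. Either keep the cast at the concatenation as a second check, or add a comment above line 174 stating that the query relies on wp_parse_id_list() returning integers only, so that any later change to the parser is reviewed with this sink in mind.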
     
    189189    $exclusions = '';
    190190    if ( ! empty( $r['exclude'] ) ) {
    191         $exlinks = preg_split( '/[\s,]+/', $r['exclude'] );
     191        $exlinks = wp_parse_id_list( $r['exclude'] );
    192192        if ( count( $exlinks ) ) {
    193193            foreach ( $exlinks as $exlink ) {
    194194                if ( empty( $exclusions ) ) {
    195                     $exclusions = ' AND ( link_id <> ' . intval( $exlink ) . ' ';
     195                    $exclusions = ' AND ( link_id <> ' . $exlink . ' ';
    196196                } else {
    197                     $exclusions .= ' AND link_id <> ' . intval( $exlink ) . ' ';
     197                    $exclusions .= ' AND link_id <> ' . $exlink . ' ';
    198198                }
    199199            }
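Review bot: After the change at line 191, count( $exlinks ) at line 192 can be zero even though the ! empty( $r['exclude'] ) guard at line 190 passed, for instance if the value holds only separators and the parser returns no ids; preg_split() always returned at least one element, so this path is new. The loop then leaves $exclusions as '', so please confirm that the code after line 199, which is not shown in this hunk, appends the closing ')' only when $exclusions is non-empty, otherwise the query ends up with an unbalanced parenthesis.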
     
    224224    $join           = '';
    225225    if ( ! empty( $r['category'] ) ) {
    226         $incategories = preg_split( '/[\s,]+/', $r['category'] );
     226        $incategories = wp_parse_id_list( $r['category'] );
    227227        if ( count( $incategories ) ) {
    228228            foreach ( $incategories as $incat ) {
    229229                if ( empty( $category_query ) ) {
    230                     $category_query = ' AND ( tt.term_id = ' . intval( $incat ) . ' ';
     230                    $category_query = ' AND ( tt.term_id = ' . $incat . ' ';
    231231                } else {
    232                     $category_query .= ' OR tt.term_id = ' . intval( $incat ) . ' ';
     232                    $category_query .= ' OR tt.term_id = ' . $incat . ' ';
    233233                }
    234234            }
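Review bot: No test accompanies the parsing change at line 226; the changeset lists a single edited file, bookmark.php. Since the commit message describes a behaviour change for empty input, a regression test that passes '' and a separators-only string such as ' , ' for 'category' (and likewise for 'include' and 'exclude') and asserts that no tt.term_id or link_id clause is added would pin the intended behaviour and catch a future regression in wp_parse_id_list().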