Make WordPress Core


Ignore:
Timestamp:
01/10/2019 09:05:50 PM (6 years ago)
Author:
flixos90
Message:

General: Fix problematic string to array parsing.

WordPress has historically often used code like preg_split( '/[\s,]+/', $var ) to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.

This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.

Props david.binda, sstoqnov.
Fixes #43977.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-comment-query.php

    r44412 r44546  
    483483        // 'status' accepts an array or a comma-separated string.
    484484        $status_clauses = array();
    485         $statuses       = $this->query_vars['status'];
    486         if ( ! is_array( $statuses ) ) {
    487             $statuses = preg_split( '/[\s,]+/', $statuses );
     485        $statuses       = wp_parse_list( $this->query_vars['status'] );
     486
     487        // Empty 'status' should be interpreted as 'all'.
     488        if ( empty( $statuses ) ) {
     489            $statuses = array( 'all' );
    488490        }
    489491
     
    518520        // User IDs or emails whose unapproved comments are included, regardless of $status.
    519521        if ( ! empty( $this->query_vars['include_unapproved'] ) ) {
    520             $include_unapproved = $this->query_vars['include_unapproved'];
    521 
    522             // Accepts arrays or comma-separated strings.
    523             if ( ! is_array( $include_unapproved ) ) {
    524                 $include_unapproved = preg_split( '/[\s,]+/', $include_unapproved );
    525             }
    526 
    527             $unapproved_ids = $unapproved_emails = array();
     522            $include_unapproved = wp_parse_list( $this->query_vars['include_unapproved'] );
     523
     524            $unapproved_ids    = array();
     525            $unapproved_emails = array();
    528526            foreach ( $include_unapproved as $unapproved_identifier ) {
    529527                // Numeric values are assumed to be user ids.
Note: See TracChangeset for help on using the changeset viewer.