WordPress.org

Make WordPress Core

Changeset 48433


Ignore:
Timestamp:
07/11/2020 12:11:57 AM (5 months ago)
Author:
whyisjake
Message:

Formatting: Prevent wp_slash from returning non-strings as strings.

If a bool/float/int is passed into wp_slash it will be coerced into a string.

This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.

Fixes #42195, #24106.

Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.

Location:
trunk
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r48432 r48433  
    54975497
    54985498/**
    5499  * Add slashes to a string or array of strings.
     5499 * Add slashes to a string or array of strings, in a recursive manner.
    55005500 *
    55015501 * This should be used when preparing data for core API that expects slashed data.
     
    55035503 *
    55045504 * @since 3.6.0
     5505 * @since 5.5.0 Leave a non-string value untouched.
    55055506 *
    55065507 * @param string|array $value String or array of strings to slash.
     
    55095510function wp_slash( $value ) {
    55105511    if ( is_array( $value ) ) {
    5511         foreach ( $value as $k => $v ) {
    5512             if ( is_array( $v ) ) {
    5513                 $value[ $k ] = wp_slash( $v );
    5514             } else {
    5515                 $value[ $k ] = addslashes( $v );
    5516             }
    5517         }
    5518     } else {
    5519         $value = addslashes( $value );
     5512        $value = array_map( 'wp_slash', $value );
     5513    }
     5514
     5515    if ( is_string( $value ) ) {
     5516        return addslashes( $value );
    55205517    }
    55215518
  • trunk/tests/phpunit/tests/formatting/StripSlashesDeep.php

    r47122 r48433  
    33/**
    44 * @group formatting
     5 * @group slashes
    56 */
    67class Tests_Formatting_StripSlashesDeep extends WP_UnitTestCase {
Note: See TracChangeset for help on using the changeset viewer.