Make WordPress Core


Timestamp:
05/20/2021 12:03:04 AM (4 years ago)
Author:
SergeyBiryukov
Message:

General: Ensure consistent type for integer properties of a bookmark object.

Previously, these properties could be unexpectedly converted to strings in some contexts.

This applies to the following function:

  • sanitize_bookmark_field()

and the following properties:

  • $bookmark::link_id
  • $bookmark::link_rating

Follow-up to [50935].

See #53235.

File:
1 edited

  • trunk/src/wp-includes/bookmark.php

    r50558 r50936  
    392392 * @param mixed  $value       The bookmark field value.
    393393 * @param int    $bookmark_id Bookmark ID.
    394  * @param string $context     How to filter the field value. Accepts 'raw', 'edit', 'attribute',
    395  *                            'js', 'db', or 'display'
     394 * @param string $context     How to filter the field value. Accepts 'raw', 'edit', 'db',
     395 *                            'display', 'attribute', or 'js'. Default 'display'.
    396396 * @return mixed The filtered value.
    397397 */
    398398function sanitize_bookmark_field( $field, $value, $bookmark_id, $context ) {
     399    $int_fields = array( 'link_id', 'link_rating' );
     400    if ( in_array( $field, $int_fields, true ) ) {
     401        $value = (int) $value;
     402    }
     403
    399404    switch ( $field ) {
    400         case 'link_id': // ints
    401         case 'link_rating':
    402             $value = (int) $value;
    403             break;
    404405        case 'link_category': // array( ints )
    405406            $value = array_map( 'absint', (array) $value );
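Review bot: The updated `@param` for `$context` (new lines 394-395) now says "Default 'display'", but the signature on line 398, `function sanitize_bookmark_field( $field, $value, $bookmark_id, $context )`, declares no default, so the argument is still required. Either drop the "Default 'display'." sentence or add the default to the signature so the docblock and the code agree. Separately, the early cast at new lines 399-402 uses `(int)`, which lets negative values through, while `link_category` on line 406 goes through `absint`; if negative IDs or ratings are never valid, a short comment on why the two differ would help.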
     
    446447    }
    447448
     449    // Restore the type for integer fields after esc_attr().
     450    if ( in_array( $field, $int_fields, true ) ) {
     451        $value = (int) $value;
     452    }
     453
    448454    return $value;
    449455}
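Review bot: The check at new lines 450-452 repeats `in_array( $field, $int_fields, true )` from line 400; compute it once, for example `$is_int_field = in_array( $field, $int_fields, true );`, and reuse it in both places. The comment names only esc_attr(), yet the cast sits directly before `return $value;` and applies to every path that reaches it, so wording it as the invariant (integer fields are always returned as int) would be more accurate. The changeset lists a single edited file, so a test asserting an int return for link_id and link_rating in each documented context would guard against the string conversion coming back.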