WordPress.org

Make WordPress Core


Ignore:
Timestamp:
09/15/2021 10:18:36 PM (5 weeks ago)
Author:
hellofromTonya
Message:

Options, Meta APIs: Fix "passing null to non-nullable" deprecations to (get|add|update|delete)_option().

In all four of the get_option(), add_option(), update_option() and delete_option() functions, the $option parameter (i.e. the option name) is passed to the PHP native trim() function without prior input validation.

In PHP 8.1, this could lead to a trim(): Passing null to parameter #1 ($string) of type string is deprecated for each of these functions.

trim():

  • expects a text string and is only useful when passed a text string as no other variable type can contain whitespace.
  • will always return a string, which means that in practice for any non-string values passed, it would effectively function as a type cast to string.

This commit:

  • Adds a check to verify the $option name is a scalar before processing it with trim().
  • The "type cast" behavior is maintained.
  • If the given $option name is not a scalar, such as null, the fix prevents the PHP 8.1 deprecation notice.
  • Tests are added for valid but undesired option names to safeguard against regressions.

This issue is already covered by:

  • the existing Tests_Option_Option::test_bad_option_names() test group.
  • the new test_valid_but_undesired_option_names() tests.

Follow-up to [13858], [22633], [23510], [25002], [51817].

Props jrf, hellofromTonya, pbearne.
See #53635.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/option/option.php

    r51817 r51818  
    150150
    151151    /**
     152     * @ticket 53635
     153     *
     154     * @dataProvider data_valid_but_undesired_option_names
     155     *
     156     * @param mixed $option_name Option name.
     157     */
     158    public function test_get_option_valid_but_undesired_option_names( $option_name ) {
     159        $this->assertFalse( get_option( $option_name ) );
     160    }
     161
     162    /**
     163     * @ticket 53635
     164     *
     165     * @dataProvider data_valid_but_undesired_option_names
     166     *
     167     * @param mixed $option_name Option name.
     168     */
     169    public function test_add_option_valid_but_undesired_option_names( $option_name ) {
     170        $this->assertTrue( add_option( $option_name, '' ) );
     171    }
     172
     173    /**
     174     * @ticket 53635
     175     *
     176     * @dataProvider data_valid_but_undesired_option_names
     177     *
     178     * @param mixed $option_name Option name.
     179     */
     180    public function test_update_option_valid_but_undesired_option_names( $option_name ) {
     181        $this->assertTrue( update_option( $option_name, '' ) );
     182    }
     183
     184    /**
     185     * @ticket 53635
     186     *
     187     * @dataProvider data_valid_but_undesired_option_names
     188     *
     189     * @param mixed $option_name Option name.
     190     */
     191    public function test_delete_option_valid_but_undesired_option_names( $option_name ) {
     192        $this->assertFalse( delete_option( $option_name ) );
     193    }
     194
     195    /**
     196     * Data provider.
     197     *
     198     * @return array
     199     */
     200    public function data_valid_but_undesired_option_names() {
     201        return array(
     202            'string 123'   => array( '123' ),
     203            'integer 123'  => array( 123 ),
     204            'integer -123' => array( -123 ),
     205            'float 12.3'   => array( 12.3 ),
     206            'float -1.23'  => array( -1.23 ),
     207            'boolean true' => array( true ),
     208        );
     209    }
     210
     211    /**
    152212     * @ticket 23289
    153213     */
Note: See TracChangeset for help on using the changeset viewer.