Make WordPress Core

Changeset 52292


Ignore:
Timestamp:
11/30/2021 08:09:56 PM (3 years ago)
Author:
hellofromTonya
Message:

Formatting: Handle non-scalar types passed to sanitize_key().

sanitize_key() expects a string type for the given key. Passing any other data type to strtolower() can result in E_WARNING: strtolower() expects parameter 1 to be string, array given.

A check is added that if the key is not a string, the key is set to an empty string. For performance, the additional string processing is skipped if the key is an empty string.

This change maintains backwards-compatibility for valid string keys while fixing the bug of non-string keys.

Props costdev, dd32.
Fixes #54160.

Location:
trunk
Files:
1 added
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r52188 r52292  
    21382138function sanitize_key( $key ) {
    21392139    $raw_key = $key;
    2140     $key     = strtolower( $key );
    2141     $key     = preg_replace( '/[^a-z0-9_\-]/', '', $key );
     2140
     2141    if ( ! is_string( $key ) ) {
     2142        $key = '';
     2143    }
     2144
     2145    if ( '' !== $key ) {
     2146        $key = strtolower( $key );
     2147        $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
     2148    }
    21422149
    21432150    /**
Note: See TracChangeset for help on using the changeset viewer.