Changeset 52292

Timestamp:

11/30/2021 08:09:56 PM (4 years ago)

Author:

hellofromTonya

Message:

Formatting: Handle non-scalar types passed to sanitize_key().

sanitize_key() expects a string type for the given key. Passing any other data type to strtolower() can result in E_WARNING: strtolower() expects parameter 1 to be string, array given.

A check is added that if the key is not a string, the key is set to an empty string. For performance, the additional string processing is skipped if the key is an empty string.

This change maintains backwards-compatibility for valid string keys while fixing the bug of non-string keys.

Props costdev, dd32.
Fixes #54160.

Location:

trunk

Files:

• src/wp-includes/formatting.php (modified) (1 diff)
• tests/phpunit/tests/formatting/sanitizeKey.php (added)

trunk/src/wp-includes/formatting.php

@@ -2138 +2138 @@
 function sanitize_key( $key ) {
     $raw_key = $key;
-    $key     = strtolower( $key );
-    $key     = preg_replace( '/[^a-z0-9_\-]/', '', $key );
+
+    if ( ! is_string( $key ) ) {
+        $key = '';
+    }
+
+    if ( '' !== $key ) {
+        $key = strtolower( $key );
+        $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
+    }
 
     /**