Changeset 52294

Timestamp:

11/30/2021 09:00:32 PM (3 years ago)

Author:

SergeyBiryukov

Message:

Options, Meta APIs: Improve error handling in sanitize_option().

To prevent potential false negatives, set $error to null initially, so we can better tell if it was ever changed during the sanitization and be able to better react if an empty string is added to it.

Additionally, and mainly for the sake of the Settings API at this point, add error messages to some WP_Error objects returned from wpdb methods that were previously causing the issues here.

Follow-up to [32791].

Props iCaleb, audrasjb, hellofromTonya, SergeyBiryukov.
Fixes #53986.

Location:

trunk

Files:

• src/wp-includes/formatting.php (modified) (3 diffs)
• src/wp-includes/wp-db.php (modified) (2 diffs)
• tests/phpunit/tests/option/sanitize-option.php (modified) (1 diff)

trunk/src/wp-includes/formatting.php

@@ -4712 +4712 @@
 
     $original_value = $value;
-    $error          = '';
+    $error          = null;
 
     switch ( $option ) {
@@ -4920 +4920 @@
             }
 
-            if ( 'permalink_structure' === $option && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value ) ) {
+            if ( 'permalink_structure' === $option && null === $error
+                && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value )
+            ) {
                 $error = sprintf(
                     /* translators: %s: Documentation URL. */
@@ -4949 +4951 @@
     }
 
-    if ( ! empty( $error ) ) {
+    if ( null !== $error ) {
+        if ( '' === $error && is_wp_error( $value ) ) {
+            /* translators: 1: Option name, 2: Error code. */
+            $error = sprintf( __( 'Could not sanitize the %1$s option. Error code: %2$s' ), $option, $value->get_error_code() );
+        }
+
         $value = get_option( $option );
         if ( function_exists( 'add_settings_error' ) ) {

trunk/src/wp-includes/wp-db.php

@@ -2886 +2886 @@
         $results     = $this->get_results( "SHOW FULL COLUMNS FROM $table" );
         if ( ! $results ) {
-            return new WP_Error( 'wpdb_get_table_charset_failure' );
+            return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ) );
         }
 
@@ -3328 +3328 @@
             $row                       = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A );
             if ( ! $row ) {
-                return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+                return new WP_Error( 'wpdb_strip_invalid_text_failure', __( 'Could not strip invalid text.' ) );
             }
 

trunk/tests/phpunit/tests/option/sanitize-option.php

@@ -156 +156 @@
             array( '/%year%/%monthnum%/%day%/%postname%/', '/%year%/%monthnum%/%day%/%postname%/', true ),
             array( '/%year/%postname%/', '/%year/%postname%/', true ),
+            array( new WP_Error( 'wpdb_get_table_charset_failure' ), false, false ), // ticket 53986
         );
     }