WordPress.org
Get WordPress

Make WordPress Core

Changeset 61499


Ignore:
Timestamp:
01/19/2026 08:44:38 PM (3 months ago)
Author:
dmsnell
Message:

HTML API: Fix missing null-check in wp_kses_hair() refactor.

When no attributes are present, wp_kses_hair() should return an empty
array, but when the refactor was merged, the code assumed there would be
attributes.

An alternative fix is to use null-coalescing to iterate over an empty
array. This would produce a marginally smaller function and read
slightly more cleanly, but there’s no need to enter the foreach loop
when it’s known in advance that there’s nothing over which to iterate.

Developed in: https://github.com/WordPress/wordpress-develop/pull/10758
Discussed in: https://core.trac.wordpress.org/ticket/63724

Follow-up to [61467].

Props: dd32, dmsnell, jonsurrell.
See: #63724.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/kses.php

    r61486 r61499  
    16241624    $processor->next_token();
    16251625
     1626    $attribute_names = $processor->get_attribute_names_with_prefix( '' );
     1627    if ( ! isset( $attribute_names ) ) {
     1628        return $attributes;
     1629    }
     1630
    16261631    $syntax_characters = array(
    16271632        '&' => '&',
     
    16321637    );
    16331638
    1634     foreach ( $processor->get_attribute_names_with_prefix( '' ) as $name ) {
     1639    foreach ( $attribute_names as $name ) {
    16351640        $value   = $processor->get_attribute( $name );
    16361641        $is_bool = true === $value;

  • trunk/tests/phpunit/tests/kses/wpKsesHair.php

    r61467 r61499  
    4040     */
    4141    public function data_attribute_parsing() {
     42        yield 'empty attributes' => array(
     43            '',
     44            array(),
     45        );
     46
     47        yield 'prematurely-terminated attributes' => array(
     48            '>',
     49            array(),
     50        );
     51
     52        yield 'prematurely-terminated malformed attributes' => array(
     53            'foo>bar="baz"',
     54            array(
     55                'foo' => array(
     56                    'name'  => 'foo',
     57                    'value' => '',
     58                    'whole' => 'foo',
     59                    'vless' => 'y',
     60                ),
     61            ),
     62        );
     63
    4264        yield 'single attribute with double quotes' => array(
    4365            'class="test-class"',
Note: See TracChangeset for help on using the changeset viewer.