Opened 20 months ago

Closed 6 weeks ago

#26199 closed enhancement (fixed)

Pass original value to sanitize_option_* filter

Reported by: simonwheatley
Owned by: chriscct7
Milestone: 4.3
Priority: normal
Severity: normal
Version: 3.2
Component: Options, Meta APIs
Keywords: has-patch
Focuses:
Cc:

Description

Currently the sanitize_option_{$option_name} filter differs from other esc and sanitization filters in that it does not pass the original value. It should.

Attachments (4)

26199.diff (615 bytes) - added by simonwheatley 20 months ago.
Adds the original value to the sanitize_option_* filter (now without my dirty test which breaks TwentyThirteen)
26199.2.diff (772 bytes) - added by simonwheatley 13 months ago.
Refreshed for 4.0a trunk
26199.3.diff (772 bytes) - added by MikeHansenMe 6 months ago.
refreshed for 4.1
26199.4.diff (878 bytes) - added by MikeHansenMe 6 weeks ago.
Refreshed for 4.3

Change History (10)

@simonwheatley 20 months ago

Adds the original value to the sanitize_option_* filter (now without my dirty test which breaks TwentyThirteen)

comment:1 @SergeyBiryukov 19 months ago

  • Keywords 3.9-early added
  • Milestone changed from Awaiting Review to Future Release

@simonwheatley 13 months ago

Refreshed for 4.0a trunk

comment:2 @simonwheatley 13 months ago

I've refreshed the patch:

  • The intended effect still works (original value passed as a third parameter)
  • Four unit tests fail, see below, but these appear unrelated

1) Tests_Formatting_WPTexturize::test_quotes
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Here is &#8220;<a href="http://example.com">a test with a link</a>&#8221;'
+'Here is &#8220;<a href="http://example.com">a test with a link</a>&#8220;'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:84

2) Tests_Formatting_WPTexturize::test_quotes_before_numbers
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Class of &#8217;99&#8217;s'
+'Class of &#8216;99&#8217;s'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:114

3) Tests_Formatting_WPTexturize::test_other_html
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'&#8216;<strong>Quoted Text</strong>&#8217;,'
+'&#8216;<strong>Quoted Text</strong>&#8216;,'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:132

4) Tests_Formatting_WPTexturize::test_entity_quote_cuddling
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'&#38;&#8220;Testing&#8221;'
+'&#38;&#8221;Testing&#8221;'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:176

Last edited 13 months ago by simonwheatley

@MikeHansenMe 6 months ago

refreshed for 4.1

comment:3 @chriscct7 7 weeks ago

  • Keywords 3.9-early removed
  • Owner set to chriscct7
  • Severity changed from minor to normal
  • Status changed from new to reviewing
  • Version changed from 3.2.1 to 3.2

@MikeHansenMe 6 weeks ago

Refreshed for 4.3

comment:4 @MikeHansenMe 6 weeks ago

Refreshed the patch for 4.3.

comment:5 @boonebgorges 6 weeks ago

  • Component changed from Security to Options, Meta APIs
  • Milestone changed from Future Release to 4.3

comment:6 @boonebgorges 6 weeks ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 32520:

In sanitize_option(), pass the unsanitized $value to the filter.

Props simonwheatley, MikeHansenMe.
Fixes #26199.
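
The behaviour this ticket adds, as an added example (not code from the ticket, its patches or WordPress core): a plugin callback that uses the third filter argument to log when sanitization altered a submitted option value. The `myplugin_*` names, the option list and the log format are assumptions; it is meant to run as plugin code inside WordPress 4.3 or later.

```php
<?php
/**
 * Added example (not WordPress core code): audit what core sanitization
 * changed in submitted option values. Assumes WordPress 4.3+, where the
 * sanitize_option_{$option} filter passes the unsanitized value as the
 * third callback argument. The myplugin_* names and the option list are
 * hypothetical.
 */

// Pure comparison helper: returns a log line when the values differ, else null.
function myplugin_describe_sanitize_change( $option, $sanitized, $original ) {
	if ( $sanitized === $original ) {
		return null;
	}
	// Options can hold arrays; encode both sides so the comparison is loggable.
	$before = is_scalar( $original ) ? (string) $original : json_encode( $original );
	$after  = is_scalar( $sanitized ) ? (string) $sanitized : json_encode( $sanitized );
	if ( $before === $after ) {
		return null; // Only the type changed (e.g. "1" to 1), not the content.
	}
	// Truncate and strip control characters so hostile input cannot forge log lines.
	$before = preg_replace( '/[\x00-\x1F\x7F]/', '?', substr( $before, 0, 200 ) );
	return sprintf( 'option "%s": submitted value altered by sanitization; raw input was: %s', $option, $before );
}

// Filter callback: must return $value unchanged so sanitization itself is not weakened.
function myplugin_audit_sanitized_option( $value, $option, $original_value = null ) {
	// func_num_args() guards against older cores that pass only two arguments.
	if ( func_num_args() >= 3 ) {
		$line = myplugin_describe_sanitize_change( $option, $value, $original_value );
		if ( null !== $line ) {
			error_log( '[myplugin] ' . $line );
		}
	}
	return $value;
}

// Register with accepted_args = 3; the default of 1 would drop the extra arguments.
foreach ( array( 'blogname', 'admin_email', 'siteurl' ) as $myplugin_option ) {
	add_filter( "sanitize_option_{$myplugin_option}", 'myplugin_audit_sanitized_option', 99, 3 );
}
```

The callback returns the already-sanitized `$value`; returning `$original_value` instead would undo the sanitization that ran before it.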