WordPress.org

Make WordPress Core

Opened 8 months ago

Last modified 5 weeks ago

#26199 new enhancement

Pass original value to sanitize_option_* filter

Reported by: simonwheatley Owned by:
Milestone: Future Release Priority: normal
Severity: minor Version: 3.2.1
Component: Security Keywords: has-patch 3.9-early
Focuses: Cc:

Description

Currently the sanitize_option_{$option_name} filter differs from other esc and sanitization filters in that it does not pass the original value. It should.

Attachments (2)

26199.diff (615 bytes) - added by simonwheatley 8 months ago.
Adds the original value to the sanitize_option_* filter (now without my dirty test which breaks TwentyThirteen)
26199.2.diff (772 bytes) - added by simonwheatley 5 weeks ago.
Refreshed for 4.0a trunk

Download all attachments as: .zip

Change History (4)

simonwheatley8 months ago

Adds the original value to the sanitize_option_* filter (now without my dirty test which breaks TwentyThirteen)

comment:1 SergeyBiryukov7 months ago

  • Keywords 3.9-early added
  • Milestone changed from Awaiting Review to Future Release

simonwheatley5 weeks ago

Refreshed for 4.0a trunk

comment:2 simonwheatley5 weeks ago

I've refreshed the patch:

  • The intended effect still works (original value passed as a third parameter)
  • Four unit tests fail, see below, but these appear unrelated
1) Tests_Formatting_WPTexturize::test_quotes
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Here is &#8220;<a href="http://example.com">a test with a link</a>&#8221;'
+'Here is &#8220;<a href="http://example.com">a test with a link</a>&#8220;'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:84

2) Tests_Formatting_WPTexturize::test_quotes_before_numbers
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Class of &#8217;99&#8217;s'
+'Class of &#8216;99&#8217;s'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:114

3) Tests_Formatting_WPTexturize::test_other_html
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'&#8216;<strong>Quoted Text</strong>&#8217;,'
+'&#8216;<strong>Quoted Text</strong>&#8216;,'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:132

4) Tests_Formatting_WPTexturize::test_entity_quote_cuddling
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'&#38;&#8220;Testing&#8221;'
+'&#38;&#8221;Testing&#8221;'

/srv/www/wordpress-develop/tests/phpunit/tests/formatting/WPTexturize.php:176
Last edited 5 weeks ago by simonwheatley (previous) (diff)
Note: See TracTickets for help on using tickets.