#33118 closed defect (bug) (fixed)
Don't assume the $post is an array in sanitize_post().
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 4.4 | Priority: | normal |
| Severity: | normal | Version: | 2.5 |
| Component: | Posts, Post Types | Keywords: | has-patch 2nd-opinion |
| Focuses: | | Cc: | |
Description
sanitize_post() expects $post to be an object (OBJECT|WP_Post) or an array (ARRAY_A|ARRAY_N), and returns the same type, but only checks for is_object(), then assumes it's an array and iterates over it as one without further checking.
It may be a bit overkill, but explicitly checking for is_array() seems like the right thing to do to avoid potential errors thrown by trying to use array_keys() over a non-array.
Attachments (1)
Change History (7)
#3 @ 11 years ago
- Milestone changed from Awaiting Review to 4.4
- Owner set to wonderboymusic
- Status changed from new to assigned
#5 follow-up: ↓ 6 @ 11 years ago
- Keywords 2nd-opinion added
Seems to me there should be an else $post = null if this is a sanitization function.
#6 in reply to: ↑ 5 @ 11 years ago
Replying to kitchin:
> Seems to me there should be an else $post = null if this is a sanitization function.
I don't think completely changing the expected return type by nullifying it is the way to go here, but I could see throwing a 'doing_it_wrong' early if it fails a type check.
Add explicit check for an array before trying to access keys.
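
The behaviour the description reports, next to the explicit `is_array()` check it proposes, as an added example that is not part of the ticket, the attached patch or WordPress core. The `demo_*` functions are hypothetical, simplified stand-ins and the inputs are constructed.

```php
<?php // Added illustration with simplified stand-ins; not WordPress core code.

// Hypothetical per-field sanitizer standing in for the real field sanitization.
function demo_sanitize_field( $value ) {
	return is_string( $value ) ? trim( strip_tags( $value ) ) : $value;
}

// Shape described in the ticket: only is_object() is checked, and anything
// else is iterated as if it were an array.
function demo_sanitize_unchecked( $post ) {
	if ( is_object( $post ) ) {
		foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
			$post->$field = demo_sanitize_field( $post->$field );
		}
	} else {
		foreach ( array_keys( $post ) as $field ) { // breaks on non-arrays
			$post[ $field ] = demo_sanitize_field( $post[ $field ] );
		}
	}
	return $post;
}

// Shape proposed in the ticket: explicit is_array() check. Any other type is
// returned untouched, so the return type still matches the input type.
function demo_sanitize_checked( $post ) {
	if ( is_object( $post ) ) {
		foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
			$post->$field = demo_sanitize_field( $post->$field );
		}
	} elseif ( is_array( $post ) ) {
		foreach ( array_keys( $post ) as $field ) {
			$post[ $field ] = demo_sanitize_field( $post[ $field ] );
		}
	}
	return $post;
}

// Turn PHP 7 warnings into exceptions so PHP 7 and PHP 8 both report the failure.
set_error_handler( function ( $no, $msg ) { throw new ErrorException( $msg, 0, $no ); } );
// Constructed inputs: two valid shapes and two a caller might pass by mistake.
$inputs = array( array( 'post_title' => ' <b>Hello</b> ' ), (object) array( 'post_title' => '<i>Hi</i>' ), 'not-a-post', null );
foreach ( $inputs as $input ) {
	foreach ( array( 'demo_sanitize_unchecked', 'demo_sanitize_checked' ) as $fn ) {
		try {
			$result = json_encode( $fn( is_object( $input ) ? clone $input : $input ) );
		} catch ( Throwable $e ) {
			$result = get_class( $e ) . ': ' . $e->getMessage();
		}
		printf( "%-24s %-8s => %s\n", $fn, gettype( $input ), $result );
	}
}
```

For the string and null inputs the unchecked variant fails inside `array_keys()` (a `TypeError` on PHP 8, a warning on PHP 7), while the checked variant returns the value unchanged.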