#33118 closed defect (bug) (fixed)
Don't assume the $post is an array in sanitize_post().
Reported by: | morganestes | Owned by: | wonderboymusic |
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | 2.5 |
Component: | Posts, Post Types | Keywords: | has-patch 2nd-opinion |
Focuses: | Cc: |
Description
sanitize_post()
expects $post
to be an object (OBJECT
|WP_Post) or an array (ARRAY_A
|ARRAY_N
), and returns the same type, but only checks for is_object()
, then assumes it's an array and iterates over it as one without further checking.
It may be a bit overkill, but explicitly checking for is_array()
seems like the right thing to do to avoid potential errors thrown by trying to use array_keys()
over a non-array.
Attachments (1)
Change History (7)
#3
@
9 years ago
- Milestone changed from Awaiting Review to 4.4
- Owner set to wonderboymusic
- Status changed from new to assigned
#5
follow-up:
↓ 6
@
9 years ago
- Keywords 2nd-opinion added
Seems to me there should be an else $post = null
if this is a sanitization function.
#6
in reply to:
↑ 5
@
9 years ago
Replying to kitchin:
Seems to me there should be an
else $post = null
if this is a sanitization function.
I don't think completely changing the expected return type by nullifying it is the way to go here, but I could see throwing a 'doing_it_wrong' early if fails a type check.
Add explicit check for an array before trying to access keys.