Opened 7 years ago
Last modified 7 years ago
#43752 new defect (bug)
ID, post_parent, menu_order on global $post object is a string in edit context; expecting int
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 4.9.5 |
| Component: | Posts, Post Types | Keywords: | needs-patch needs-unit-tests |
| Focuses: | Cc: |
Description
When I'm on an edit post screen, the ID, post_parent, menu_order attributes on the global $post object are strings. I expect them to be integers.
To quickly check, put this in a plugin:
<?php add_action( 'add_meta_boxes', function(){ add_meta_box( 'foo', 'bar', function( $post ) { var_dump($post->ID); }); });
Here's what's happening:
- in wp-admin/post.php the edit case happens, and within that the post gets reloaded here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-admin/post.php#L167
- that function will run the post object through its own filter with filter edit here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L552
- because at the time $this->filter = "raw", and the $filter is edit, that will run the object through sanitize_post here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/class-wp-post.php#L354
- sanitize_post will, in turn, run all the fields through sanitize_post_field here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L1940
- and even though we have 3 fields set as int (https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L1973), by the time we get to this part (https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L2027-L2034), those three will be ran through esc_attr
- esc_attr will feed it through _wp_specialchars here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/formatting.php#L3978
- which begins with $string = (string) $string; here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/formatting.php#L912
The part that throws me off is that sanitize_post_field declares these three properties to be integers at the beginning of the function, so I sort of expected them to come out as integers on the other end.
Change History (5)
#2
follow-up:
↓ 3
@
7 years ago
Original props goes to @alexrsoap for bumping into this and doing debugging that uncovered this.
#3
in reply to:
↑ 2
@
7 years ago
Replying to javorszky:
Original props goes to @alexrsoap for bumping into this and doing debugging that uncovered this.
Thanks for the props. Thanks to you for the legwork of verification and reporting.
Related WooCommerce issue on https://github.com/woocommerce/woocommerce/issues/19704 (tldr: it being a string causes it to slow down due to WC expecting the prop to be an int)