Opened 5 years ago
Closed 5 years ago
#48549 closed defect (bug) (fixed)
wp_kses_attr_check: add isset before accessing array key
Reported by: | tristanleboss | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 5.4 | Priority: | normal |
Severity: | normal | Version: | 5.2.4 |
Component: | Formatting | Keywords: | has-patch |
Focuses: | Cc: |
Description
In file wp-includes/kses.php
, the first line of the function wp_kses_attr_check
tries to use a function argument directly as an array key without any check if it exists. This throws a notice in PHP if the key doesn't exists.
As this function is publicly available, I think it would be a cool idea to do some check before using the variable as an array key.
<?php function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) { $allowed_attr = $allowed_html[ strtolower( $element ) ];
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
In 46959: