Make WordPress Core

Opened 9 days ago

#48549 new defect (bug)

wp_kses_attr_check: add isset before accessing array key

Reported by: tristanleboss Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.2.4
Component: General Keywords: needs-patch
Focuses: Cc:
PR Number:


In file wp-includes/kses.php, the first line of the function wp_kses_attr_check tries to use a function argument directly as an array key without any check if it exists. This throws a notice in PHP if the key doesn't exists.

As this function is publicly available, I think it would be a cool idea to do some check before using the variable as an array key.

function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
        $allowed_attr = $allowed_html[ strtolower( $element ) ];

Change History (0)

Note: See TracTickets for help on using tickets.