WordPress.org

Make WordPress Core

Opened 5 months ago

#52738 new defect (bug)

Use of get_object_vars does not handle null byte

Reported by: bitcomplex
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: critical
Version: 5.6.2
Component: General
Keywords:
Focuses:
Cc:

Description

In places where get_object_vars is used to loop over an object's properties and then access them, null bytes are not handled.

There is an old bug report (from me) for map_deep, https://core.trac.wordpress.org/ticket/47164, but now we are experiencing this in other places too: in sanitize_post and in the constructor of class-wp-post.

This is totally destroying our business and I don't know what to do. Since I reported the issue for map_deep I have had to manually patch formatting.php every time there is a WordPress update. But now, trying to handle all the places get_object_vars is used is hopeless.

The best approach to handle this would be to always filter the return values from get_object_vars. Something like:

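<?php
    // array_filter() takes the array first; filter on property names (keys), dropping those that start with a null byte.
    $properties = array_filter( get_object_vars( $object ), fn( $name ) => ord( (string) $name ) !== 0, ARRAY_FILTER_USE_KEY );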

Change History (0)
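The filtering idea from the description, applied to a recursive walker of the kind map_deep is, as an added example that is not part of the original ticket and not WordPress core code. The function names accessible_object_vars and map_deep_skipping_nul are hypothetical, and the sample object is constructed.

```php
<?php
/**
 * Return only the properties that can be read back as $object->$name.
 * PHP raises an error when a property whose name starts with a null
 * byte is accessed dynamically, so those names are dropped here.
 * (Hypothetical helper, not a WordPress function.)
 */
function accessible_object_vars( object $object ): array {
    return array_filter(
        get_object_vars( $object ),
        static function ( $name ): bool {
            // strncmp() is safe for empty and integer-like names.
            return 0 !== strncmp( (string) $name, "\0", 1 );
        },
        ARRAY_FILTER_USE_KEY
    );
}

/**
 * Apply $callback to every scalar leaf of a nested array/object value,
 * skipping object properties that cannot be accessed by name.
 * (Hypothetical walker written for this example.)
 */
function map_deep_skipping_nul( $value, callable $callback ) {
    if ( is_array( $value ) ) {
        foreach ( $value as $index => $item ) {
            $value[ $index ] = map_deep_skipping_nul( $item, $callback );
        }
    } elseif ( is_object( $value ) ) {
        foreach ( accessible_object_vars( $value ) as $name => $item ) {
            $value->$name = map_deep_skipping_nul( $item, $callback );
        }
    } else {
        $value = call_user_func( $callback, $value );
    }
    return $value;
}

// Constructed sample: an array cast to an object, with one key that
// starts with a null byte alongside ordinary and nested properties.
$sample = (object) array(
    'title'    => '  Hello ',
    "\0hidden" => ' left as-is ',
    'meta'     => (object) array( 'note' => ' nested ' ),
);

$clean = map_deep_skipping_nul( $sample, 'trim' );
var_dump( $clean->title, $clean->meta->note );
```

The null-byte property is left in place and is never passed to the callback, so callers that depend on every value being sanitized need to treat such objects as unsanitized input.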
