Make WordPress Core

Opened 14 months ago

Closed 9 months ago

#58048 closed defect (bug) (duplicate)

Fix non-strict checking issue in /wp-admin/includes/class-ftp.php

Reported by: sharif200's profile sharif200 Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.3
Component: Filesystem API Keywords: has-patch
Focuses: coding-standards Cc:

Description

To fix this issue, the == operator should be replaced with the === operator. This is a strict comparison operator, which checks both the value and type of the variables being compared. Therefore, using === ensures that the values and types match exactly.

Change History (3)

This ticket was mentioned in PR #4282 on WordPress/wordpress-develop by @sharif200.


14 months ago
#1

  • Keywords has-patch added; needs-patch removed

This PR fixes a non-strict checking issue in the hostname/address resolution code in /wp-admin/includes/class-ftp.php file in WordPress core. The code previously used the == operator instead of === operator, resulting in non-strict checking. The == operator only checks for value equality while the === operator checks for both value and type equality. This PR updates the code to use the === operator for type-safe checking. Additionally, the error message has been updated to provide more descriptive information about the issue.

Trac ticket: https://core.trac.wordpress.org/ticket/58048

#2 @kebbet
14 months ago

This file is part of the PemFTP-package. So not really sure if fixes should be applied directly in WordPress core, or upstream. There are changes applied to it in WordPress core (and not upstream). And there are multiple more issues in the file than the simple fix added in the linked PR, such as whitespaced, Yoda conditions and so forth.

Is the package adobted by core?

https://www.phpclasses.org/package/1743-PHP-FTP-client-in-pure-PHP.html

#3 @SergeyBiryukov
9 months ago

  • Component changed from General to Filesystem API
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac! Thanks for the ticket.

The FTP classes (class-ftp.php, class-ftp-pure.php, class-ftp-sockets.php) can be considered an "adopted" external library which is no longer supported upstream, see comment:9:ticket:24780.

That said, I think we should still minimize changes to them, as they don't need to follow WordPress coding standards and are excluded from WPCS checks, see comment:8:ticket:45967.

If that is ever reconsidered, they would need a lot more changes than proposed here.

This was previously raised in #45967, let's continue the discussion there.

Note: See TracTickets for help on using tickets.