#58061 closed enhancement (fixed)
Replace '==' with '===' in wp-admin/update-core.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 6.5 | Priority: | low |
| Severity: | normal | Version: | |
| Component: | Upgrade/Install | Keywords: | has-patch changes-requested |
| Focuses: | coding-standards | Cc: | |
Description
The WordPress PHP coding standards recommend using the strict equality operator '===' instead of '==' when checking conditions. This is because '==' performs type coercion, which can lead to unexpected results or security issues in some cases.
However, the WordPress core file wp-admin/update-core.php, on line 184, uses '=='. To ensure consistency with the WordPress coding standards and improve the security and stability of the code, I propose replacing '==' with '===' on this line.
This change will ensure that the comparison is performed using strict type checking, preventing any unexpected type coercion or security issues that may arise due to loose comparisons.
With this change, I will create a pull request to the WordPress core repository.
Change History (8)
This ticket was mentioned in PR #4292 on WordPress/wordpress-develop by @wpfy.
23 months ago
#1
- Keywords has-patch added; needs-patch removed
#2
@
23 months ago
- Keywords changes-requested added
- Priority changed from normal to low
- Type changed from defect (bug) to enhancement
- Version trunk deleted
Hi there! Thanks for the ticket and PR!
I left feedback on the PR, take a look.
23 months ago
#3
Thank you so much @mukeshpanchal27 for your feedback.
Yeah, I have made the change on line 45 and committed again.
Though I am very new to this system, I am not sure whether this commit alone is enough or not. If any further action is needed, please let me know.
Thanks again for your help!
23 months ago
#4
`$wp_version` as returned by `get_bloginfo( 'version' )` seems to always be a string. However not so sure about `$update->partial_version`. Also seems there is a chance that `get_bloginfo()` may return something else as it just returns the global `$wp_version` which may have been changed by plugins.
Imho to be able to use strict comparison with full confidence both sides will have to be cast to `(string)`.
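An added example (not code from this ticket, PR #4292 or WordPress core) of the behaviour discussed in the description and in comment #4: how `==` coerces version-like values, how `===` reacts when one side is not a string, and the `(string)` cast on both sides. The function names and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not WordPress functions.

/** Loose comparison: PHP may convert both operands before comparing. */
function loose_match($installed, $offered): bool
{
    return $installed == $offered;
}

/** Strict comparison: type and value must both be identical. */
function strict_match($installed, $offered): bool
{
    return $installed === $offered;
}

/** Strict comparison after casting both sides to string (comment #4's suggestion). */
function cast_match($installed, $offered): bool
{
    return (string) $installed === (string) $offered;
}

// Constructed sample pairs: [installed version, version carried by an update offer].
$cases = [
    ['6.5', '6.5'],      // identical strings
    ['6.5', '6.50'],     // both are numeric strings, so == compares them as numbers
    ['1e1', '10'],       // exponent notation is also a numeric string
    ['6.5', 6.5],        // one side is a float, e.g. a global overwritten by other code
    ['6.4.3', '6.4.30'], // two dots: not numeric, so == falls back to string comparison
];

foreach ($cases as [$installed, $offered]) {
    printf(
        "%-10s vs %-10s loose=%-5s strict=%-5s cast=%s\n",
        var_export($installed, true),
        var_export($offered, true),
        var_export(loose_match($installed, $offered), true),
        var_export(strict_match($installed, $offered), true),
        var_export(cast_match($installed, $offered), true)
    );
}
```

The rows where the three columns disagree are the ones to look at when reviewing a `==` to `===` change: they show which inputs change outcome under strict comparison and which only match again once both sides are cast.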
#5
@
13 months ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 57529:
@SergeyBiryukov commented on PR #4292:
13 months ago
#8
Thanks for the PR! Merged in r57529.
Trac ticket: https://core.trac.wordpress.org/ticket/58061