Opened 6 months ago
Last modified 5 months ago
#60650 new defect (bug)
sanitize_locale_name() should reject non-strings
Reported by: | dd32 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | lowest |
Severity: | trivial | Version: | 6.2.1 |
Component: | I18N | Keywords: | close |
Focuses: | Cc: |
Description
While debugging some locale-related oddities, I ran into sanitize_locale_name()
happily accepting arrays.
wp> sanitize_locale_name( [ 'test@test' => 'test@test' ] ); array(1) { 'test@test' => string(8) "testtest" }
This is not uncommon for WordPress functions that rely upon preg_replace()
and a number of other sanitize functions behave similarly.
I would expect an array input to return either ''
as array( .. )
is not a valid string.
Change History (3)
#2
in reply to:
↑ description
@
6 months ago
Replying to dd32:
and a number of other sanitize functions behave similarly.
It seems like only sanitize_key()
has a check for is_scalar()
? I guess if sanitize_locale_name()
needs to be updated we should make all sanitize functions consistent in this way.
Note: See
TracTickets for help on using
tickets.
Returning an empty string if the input is not a string souvds reasonable. However, note that the docblock says the function expects a string.