Make WordPress Core

Opened 11 months ago

Closed 3 months ago

#60650 closed defect (bug) (wontfix)

sanitize_locale_name() should reject non-strings

Reported by: dd32's profile dd32 Owned by:
Milestone: Priority: lowest
Severity: trivial Version: 6.2.1
Component: I18N Keywords: close
Focuses: Cc:

Description

While debugging some locale-related oddities, I ran into sanitize_locale_name() happily accepting arrays.

wp> sanitize_locale_name( [ 'test@test' => 'test@test' ] );

array(1) {
  'test@test' =>
  string(8) "testtest"
}

This is not uncommon for WordPress functions that rely upon preg_replace() and a number of other sanitize functions behave similarly.

I would expect an array input to return either '' as array( .. ) is not a valid string.

Change History (4)

#1 @swissspidy
11 months ago

Returning an empty string if the input is not a string souvds reasonable. However, note that the docblock says the function expects a string.

#2 in reply to: ↑ description @ocean90
11 months ago

Replying to dd32:

and a number of other sanitize functions behave similarly.

It seems like only sanitize_key() has a check for is_scalar()? I guess if sanitize_locale_name() needs to be updated we should make all sanitize functions consistent in this way.

#3 @swissspidy
9 months ago

  • Keywords close added

Revisiting this, I don't see a need to change just this function specifically.

#4 @swissspidy
3 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.