Make WordPress Core

Opened 6 weeks ago

Last modified 5 weeks ago

#62785 new defect (bug)

wp_kses_no_null() should be modified to handle $content having a null value

Reported by: room34's profile room34 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Formatting Keywords: has-patch has-unit-tests php81 needs-testing
Focuses: php-compatibility Cc:

Description

I've recently added some uses of the wp_kses_post() function to my plugin to pass [Plugin Check](https://wordpress.org/plugins/plugin-check/) tests, and found that there are a few cases where the variables I'm passing into that function may be null. When that's the case, I'm getting the following PHP error:

Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in wp-includes/kses.php on line 1805

I've traced this back to the wp_kses_no_null() function, which is not designed to handle the PHP 8.x requirement that you can't pass null values into preg_replace().

I worked around the issue by adding ?: '' into each instance of my use of wp_kses_post() but it seems to me that the wp_kses_no_null() function itself should be updated to handle the possibility that the $content input variable is null.

Change History (4)

This ticket was mentioned in PR #8096 on WordPress/wordpress-develop by @sukhendu2002.


6 weeks ago
#1

  • Keywords has-patch has-unit-tests added

This ticket was mentioned in Slack in #core-test by oglekler. View the logs.


5 weeks ago

#3 @oglekler
5 weeks ago

  • Keywords php81 needs-testing added

#4 @sabernhardt
5 weeks ago

  • Version 6.7.1 deleted

the wp_kses_no_null() function, which is not designed to handle the PHP 8.x requirement that you can't pass null values into preg_replace().

The deprecation notice started with one of the PHP 8.x versions, but these KSES functions have explicitly required a string as the first parameter for more than 15 years. [6630] specified the type in documentation for wp_kses_no_null() and wp_kses(); [12125] documented the type when it introduced wp_kses_post().

A non-string value for that parameter could be a symptom of a bigger problem, and then silencing the deprecation notice with an empty string could hinder developers from discovering the error.

Please investigate your plugin's code (without the workarounds) to find where you might still have a null value in wp_kses_post(). For example, if either $event['label'] or $event['sublabel'] is somehow not a string, I think you would still have a problem with str_replace() in version 11.5.1.1.

Note: See TracTickets for help on using tickets.