WordPress.org
Get WordPress

Make WordPress Core

Opened 13 months ago

Last modified 7 days ago

#62785 new defect (bug)

wp_kses_no_null() should be modified to handle $content having a null value

Reported by: room34's profile room34 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Formatting Keywords: has-patch has-unit-tests php81
Focuses: php-compatibility Cc:

Description

I've recently added some uses of the wp_kses_post() function to my plugin to pass [Plugin Check](https://wordpress.org/plugins/plugin-check/) tests, and found that there are a few cases where the variables I'm passing into that function may be null. When that's the case, I'm getting the following PHP error:

Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in wp-includes/kses.php on line 1805

I've traced this back to the wp_kses_no_null() function, which is not designed to handle the PHP 8.x requirement that you can't pass null values into preg_replace().

I worked around the issue by adding ?: '' into each instance of my use of wp_kses_post() but it seems to me that the wp_kses_no_null() function itself should be updated to handle the possibility that the $content input variable is null.

Change History (8)

This ticket was mentioned in PR #8096 on WordPress/wordpress-develop by @sukhendu2002.
13 months ago #1

  • Keywords has-patch has-unit-tests added

Trac ticket: https://core.trac.wordpress.org/ticket/62785

This ticket was mentioned in Slack in #core-test by oglekler. View the logs.
13 months ago

#3 @oglekler
13 months ago

  • Keywords php81 needs-testing added

#4 @sabernhardt
13 months ago

  • Version 6.7.1 deleted

the wp_kses_no_null() function, which is not designed to handle the PHP 8.x requirement that you can't pass null values into preg_replace().

The deprecation notice started with one of the PHP 8.x versions, but these KSES functions have explicitly required a string as the first parameter for more than 15 years. [6630] specified the type in documentation for wp_kses_no_null() and wp_kses(); [12125] documented the type when it introduced wp_kses_post().

A non-string value for that parameter could be a symptom of a bigger problem, and then silencing the deprecation notice with an empty string could hinder developers from discovering the error.

Please investigate your plugin's code (without the workarounds) to find where you might still have a null value in wp_kses_post(). For example, if either $event['label'] or $event['sublabel'] is somehow not a string, I think you would still have a problem with str_replace() in version 11.5.1.1.

#5 @sabernhardt
10 months ago

#63108 was marked as a duplicate.

#6 @sajib1223
6 weeks ago

Test Report

Description

This report validates whether the indicated patch works as expected.

Patch tested: https://github.com/WordPress/wordpress-develop/pull/8096

Environment

  • WordPress: 6.9
  • PHP: 8.3.28
  • Server: Apache/2.4.65 (Debian)
  • Database: mysqli (Server: 10.6.24-MariaDB-ubu2204 / Client: mysqlnd 8.3.28)
  • Browser: Firefox 145.0
  • OS: Windows 10/11
  • Theme: Twenty Twenty 3.0
  • MU Plugins: None activated
  • Plugins:
    • KSES Null Test Plugin 1.0.0
    • Test Reports 1.2.1

Actual Results

  1. ✅ Issue resolved with patch.

Additional Notes

  • Created a custom plugin to run this function in a admin screen - wp_kses_post(null);
  • Before patch, it showed - Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /var/www/html/wp-includes/kses.php on line 2035 message.
  • After patch, not error were shown.

Supplemental Artifacts

None.

#7 @huzaifaalmesbah
9 days ago

Test Report

Patch tested: https://github.com/WordPress/wordpress-develop/pull/8096

Steps to Reproduce or Test

  1. Create a plugin file any named (e.g: reproduce-kses-null.php) with the Helper Plugin Code provided below.
  2. Navigate to the WordPress admin dashboard and activate the plugin.
  3. Observe the admin notice displayed at the top of the screen.

Helper Plugin Code

<?php
/**
 * Plugin Name: Reproduce KSES Null Issue
 */

add_action( 'admin_notices', function() {
	$err = null;
	$old = error_reporting( E_ALL );

	set_error_handler( function( $no, $str ) use ( &$err ) {
		if ( strpos( $str, 'Passing null' ) !== false ) $err = $str;
	} );

	wp_kses_no_null( null );

	restore_error_handler();
	error_reporting( $old );

	$class = $err ? 'error' : 'success';
	$msg   = $err ? "FAIL: $err" : 'PASS: No deprecation warning.';
	echo "<div class='notice notice-$class'><p>$msg of wp_kses_no_null</p></div>";
} );

Expected Results

  • ✅ The function wp_kses_no_null( null ) should return an empty string.
  • ✅ No deprecation warnings (e.g., preg_replace(): Passing null...) should be triggered.

Environment

  • WordPress: 7.0-alpha-61215-src
  • PHP: 8.2.29
  • Server: nginx/1.29.4
  • Database: mysqli (Server: 8.4.7 / Client: mysqlnd 8.2.29)
  • Browser: Chrome 143.0.0.0
  • OS: macOS
  • Theme: Twenty Twenty-Five 1.4
  • MU Plugins: None activated
  • Plugins:
    • Reproduce KSES Null Issue
    • Test Reports 1.2.1

Actual Results

Before applying the patch

  • ❌ A deprecation warning notice was displayed: FAIL: Deprecation warning detected...

After applying the bugfix patch

  • ✅ Issue resolved. The success notice PASS: No deprecation warning. is displayed.

Screenshots

Before Apply Patch After Apply Patch ✅
https://i.ibb.co/qSmD9NK/Huzaifa-20260114155814.png https://i.ibb.co/27ghYqv7/Huzaifa-20260114155745.png

#8 @huzaifaalmesbah
7 days ago

  • Keywords needs-testing removed
Note: See TracTickets for help on using tickets.