User roles property should always be an array, but they sometimes become an object in localized data

[haruncpi]

When filtering roles via array_filter() in wp-includes/class-wp-user.php, the resulting array ($this->roles) can retain non-sequential numeric keys, if any roles are filtered out. This causes WP_User->roles to be treated as an object when JSON-encoded (e.g., in wp_localize_script()), instead of a proper array, which breaks client-side expectations.

$current_user = wp_get_current_user();

$local_data = array(
    'current_user' => array(
        'id' => $current_user->ID,
        'roles' => $current_user->roles,
    ),
);

wp_localize_script( 'myplugin-frontend', '_myplugin_object', $local_data );

If roles contains keys like [0 => 'editor', 2 => 'seo'] , the resulting JSON becomes:

{ roles: { "0": "editor", "2": "custom" } }

Instead of

{ roles: ["editor", "custom"] }

[haruncpi]

Adds array reindexing to ensure roles remains a proper indexed array

When filtering roles via array_filter() in wp-includes/class-wp-user.php, the resulting array ($this->roles) can retain non-sequential numeric keys, if any roles are filtered out. This causes WP_User->roles to be treated as an object when JSON-encoded (e.g., in wp_localize_script()), instead of a proper array, which breaks client-side expectations.

$current_user = wp_get_current_user();

$local_data = array(
    'current_user' => array(
        'id' => $current_user->ID,
        'roles' => $current_user->roles,
    ),
);

wp_localize_script( 'myplugin-frontend', '_myplugin_object', $local_data );

If roles contains keys like [0 => 'editor', 2 => 'seo'], the resulting JSON becomes:

{ roles: { "0": "editor", "2": "custom" } }

Instead of

{ roles: ["editor", "custom"] }

Ticket’s URL
https://core.trac.wordpress.org/ticket/63427

### Test Report

I’ve tested this PR and can confirm that it works as expected. After applying the changes, the $current_user->roles array is properly reindexed using array_values(), ensuring sequential keys. The localized JSON output now correctly produces an array instead of a JavaScript object, which resolves the client-side issue.

Tested with multiple role combinations, including cases where some roles were removed — everything behaves correctly. ✅

### Testing environment:

WordPress Version: 6.8.1
PHP Version: 8.2.27
Theme: TwentyTwentyFive
Plugins: None installed
OS: Windows

Thanks for the Fix

[haruncpi]

Could you kindly take a look and review this fix? @SergeyBiryukov @desrosj

[SirLouen]

@haruncpi If you have a patch and a test report, you dont have to close the ticket. Leave it open for review with the patch. Closing with worksforme is used when someone reports a bug, you test it and you see there is no bug.

PS: I have not tested the patch, I'm just informing the user.

[haruncpi]

Thank you @SirLouen
Reopened for review.

[SirLouen]

@haruncpi I've added some code review in your PR. Give it a check when you can.

[SirLouen]

<has-code-review>

I've been able to track the introduction of array_keys back to 1.6 [2793], which is not the problem itself, but is the main reason of why this is happening. Because this thing has probably existed historically, from the inception of this function.

The question here is: @haruncpi why you don't simply preprocess the resulting json into an array, before delivering it to wp_localize_script?