#63625 closed enhancement (invalid)
esc_url and other - Clarify behavior on legacy PHP 8.0+ errors in edge cases
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 6.8 |
| Component: | General | Keywords: | has-patch close |
| Focuses: | Cc: |
Description
Hi,
We have esc_url function that expects a string as an argument for ltrim to work correctly. Before php 8, when receiving an array, this did not cause a Fatal Error. How about protecting yourself from a Fatal error and a site crash, for example, like this
<?php function esc_url( $url, $protocols = null, $_context = 'display' ) { if ( ! is_string( $url ) ) { return ''; } $url = ltrim( $url ); // ... }
Yes, I understand that this may look like a masking of the problem and in the end passing correct data to the function is a task that the developer should take care of, but here I think the gain from reliability is greater. Given that WordPress strives for backward compatibility and developer convenience, I believe this small adjustment would improve overall reliability and user experience.
Thanks for considering.
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
Thanks for the ticket and the patch @alexanderkoledov. The problem with this approach is it almost completely masks the problem, which can be more harmful in the long term. There are likely dozens of functions in WordPress which exhibit similar behaviour when passed an incorrect type in PHP 8.
Given that PHP 8 was released nearly five years ago, I don't think it's a good idea to make this change now.