Formatting: Prevent wp_slash from returning non-strings as strings.

If a bool/float/int is passed into wp_slash it will be coerced into a string.

This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.

Fixes #42195, #24106.

Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@48433


git-svn-id: http://core.svn.wordpress.org/trunk@48202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2020-07-11 00:13:04 +00:00
parent 919729508c
commit 7448ce4839
2 changed files with 8 additions and 11 deletions

View File

@ -5496,27 +5496,24 @@ function sanitize_trackback_urls( $to_ping ) {
}
/**
* Add slashes to a string or array of strings.
* Add slashes to a string or array of strings, in a recursive manner.
*
* This should be used when preparing data for core API that expects slashed data.
* This should not be used to escape data going directly into an SQL query.
*
* @since 3.6.0
* @since 5.5.0 Leave a non-string value untouched.
*
* @param string|array $value String or array of strings to slash.
* @return string|array Slashed $value
*/
function wp_slash( $value ) {
if ( is_array( $value ) ) {
foreach ( $value as $k => $v ) {
if ( is_array( $v ) ) {
$value[ $k ] = wp_slash( $v );
} else {
$value[ $k ] = addslashes( $v );
}
}
} else {
$value = addslashes( $value );
$value = array_map( 'wp_slash', $value );
}
if ( is_string( $value ) ) {
return addslashes( $value );
}
return $value;

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.5-beta1-48432';
$wp_version = '5.5-beta1-48433';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.