From 7448ce4839598100ba4ed2d646a637df97c4d2c2 Mon Sep 17 00:00:00 2001
From: whyisjake
Date: Sat, 11 Jul 2020 00:13:04 +0000
Subject: [PATCH] Formatting: Prevent wp_slash from returning non-strings as strings.
If a bool/float/int is passed into wp_slash it will be coerced into a string. This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.
Fixes #42195, #24106.
Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48433
git-svn-id: http://core.svn.wordpress.org/trunk@48202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 17 +++++++----------
 wp-includes/version.php | 2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index c7b173621a..8f8c86f742 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -5496,27 +5496,24 @@ function sanitize_trackback_urls( $to_ping ) {
 }
 /**
- * Add slashes to a string or array of strings.
+ * Add slashes to a string or array of strings, in a recursive manner.
 *
 * This should be used when preparing data for core API that expects slashed data.
 * This should not be used to escape data going directly into an SQL query.
 *
 * @since 3.6.0
+ * @since 5.5.0 Leave a non-string value untouched.
 *
 * @param string|array $value String or array of strings to slash.
 * @return string|array Slashed $value
 */
 function wp_slash( $value ) {
 if ( is_array( $value ) ) {
- foreach ( $value as $k => $v ) {
- if ( is_array( $v ) ) {
- $value[ $k ] = wp_slash( $v );
- } else {
- $value[ $k ] = addslashes( $v );
- }
- }
- } else {
- $value = addslashes( $value );
+ $value = array_map( 'wp_slash', $value );
+ }
+
+ if ( is_string( $value ) ) {
+ return addslashes( $value );
 }
 return $value;
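Review bot: The docblock above `wp_slash()` still declares `@param string|array $value` and `@return string|array Slashed $value`, while the new body returns every value that is neither a string nor an array (int, float, bool, null, objects) unchanged, so the documented contract no longer matches the code. I would change the tags to `@param mixed $value Value to slash; strings are slashed, arrays are walked recursively.` and `@return mixed Slashed $value, in the same type as supplied.` The description should also say in one sentence that objects are passed through as-is, including their string properties and anything relying on `__toString()`, because a caller that hands such a value to an API expecting slashed data gets no slashing at all and would presumably lose backslashes when the consumer unslashes it. The function's closing brace is outside the hunk.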
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a1b7b92b1c..6e5acc9b3c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.5-beta1-48432';
+$wp_version = '5.5-beta1-48433';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.