From 934d7cf523970652916bc72cc8f04aac60c9704a Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 3 Sep 2018 21:21:26 +0000 Subject: [PATCH] Customize: Safeguard a check on the `customize_validate_{$setting_id}` filter value to ensure it is a `WP_Error`. While the filter is documented to only support a `WP_Error`, it has been a common practice to return true in a validation function if no errors have occurred. This was already caught when the same filter was executed in `WP_Customize_Setting`, it was however missing in `WP_Customize_Manager::validate_setting_values()`. Props flixos90. Merges [43578] to the 4.9 branch. Fixes #44809. Built from https://develop.svn.wordpress.org/branches/4.9@43619 git-svn-id: http://core.svn.wordpress.org/branches/4.9@43448 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-customize-manager.php | 2 +- wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index 5dfe5d04a6..1c0d91fa75 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -2284,7 +2284,7 @@ final class WP_Customize_Manager { if ( ! is_wp_error( $validity ) ) { /** This filter is documented in wp-includes/class-wp-customize-setting.php */ $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting ); - if ( ! empty( $late_validity->errors ) ) { + if ( is_wp_error( $late_validity ) && ! empty( $late_validity->errors ) ) { $validity = $late_validity; } } diff --git a/wp-includes/version.php b/wp-includes/version.php index d2229e0199..466226db3c 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9.9-alpha-43618'; +$wp_version = '4.9.9-alpha-43619'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.