From 9ede1fe55b4511c27b131efde614b3338432b35d Mon Sep 17 00:00:00 2001 From: hellofromTonya Date: Tue, 30 Nov 2021 20:11:02 +0000 Subject: [PATCH] Formatting: Handle non-scalar types passed to `sanitize_key()`. `sanitize_key()` expects a string type for the given `key`. Passing any other data type to `strtolower()` can result in `E_WARNING: strtolower() expects parameter 1 to be string, array given`. A check is added that if the key is not a string, the key is set to an empty string. For performance, the additional string processing is skipped if the key is an empty string. This change maintains backwards-compatibility for valid string keys while fixing the bug of non-string keys. Props costdev, dd32. Fixes #54160. Built from https://develop.svn.wordpress.org/trunk@52292 git-svn-id: http://core.svn.wordpress.org/trunk@51884 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 11 +++++++++-- wp-includes/version.php | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index c524b06928..576b3c657a 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -2137,8 +2137,15 @@ function sanitize_user( $username, $strict = false ) { */ function sanitize_key( $key ) { $raw_key = $key; - $key = strtolower( $key ); - $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); + + if ( ! is_string( $key ) ) { + $key = ''; + } + + if ( '' !== $key ) { + $key = strtolower( $key ); + $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); + } /** * Filters a sanitized key string. diff --git a/wp-includes/version.php b/wp-includes/version.php index a720a13e36..d890e34c51 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '5.9-alpha-52291'; +$wp_version = '5.9-alpha-52292'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.