From e9617427691eb3515be135be8754d1737e0dc96d Mon Sep 17 00:00:00 2001 From: desrosj Date: Fri, 4 Jan 2019 20:30:45 +0000 Subject: [PATCH] Customize: Safeguard a check on the `customize_validate_{$setting_id}` filter value to ensure it is a `WP_Error`. While the filter is documented to only support a `WP_Error`, it has been a common practice to return true in a validation function if no errors have occurred. This was already caught when the same filter was executed in `WP_Customize_Setting`, it was however missing in `WP_Customize_Manager::validate_setting_values()`. Props flixos90. Merges [43578] to the 5.0 branch. Fixes #44809. Built from https://develop.svn.wordpress.org/branches/5.0@44392 git-svn-id: http://core.svn.wordpress.org/branches/5.0@44222 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-customize-manager.php | 2 +- wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index a4bc90f7f8..9012273c30 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -2284,7 +2284,7 @@ final class WP_Customize_Manager { if ( ! is_wp_error( $validity ) ) { /** This filter is documented in wp-includes/class-wp-customize-setting.php */ $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting ); - if ( ! empty( $late_validity->errors ) ) { + if ( is_wp_error( $late_validity ) && ! empty( $late_validity->errors ) ) { $validity = $late_validity; } } diff --git a/wp-includes/version.php b/wp-includes/version.php index 13e152b849..86f4019d6b 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0.3-alpha-44390'; +$wp_version = '5.0.3-alpha-44392'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.