mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-27 19:47:42 +01:00
dfef2c917f
This is a follow-up to [52292] which introduced `is_string()` to check the given key is a string to be sanitized, else the key is set to an empty string. `sanitize_key()` is clearly identified (in the documentation) to only work with ''string'' keys. However, it had a bug in it that allowed non-strings to pass through it: * A non-scalar "key" would throw a PHP Warning (which was resolved in [52292]. * A non-string scalar "key" was handled by the PHP native `strtolower()` which converted it into a string. While `is_string()` is valid, non-string scalar types passed as the key to be sanitized were being set to an empty string. Given that `strtolower()` handles these without error or deprecation as of PHP 8.1, `is_scalar()` protects the website from issues while retaining the past behavior of converting integer keys (for example) into a string. Changes include: * Using `is_scalar()` instead of `is_string()` * Refactor for readability and less code * More tests Please note, this does not change the behavior of the function, nor redefine it to now accept non-string scalars. References: * https://developer.wordpress.org/reference/functions/sanitize_key/ * https://www.php.net/manual/en/function.strtolower.php Follow-up [52292]. Props wppunk, hellofromTonya, costdev, jrf. Fixes #54160. Built from https://develop.svn.wordpress.org/trunk@52370 git-svn-id: http://core.svn.wordpress.org/trunk@51962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
48 lines
939 B
PHP
48 lines
939 B
PHP
<?php
|
|
/**
|
|
* WordPress Version
|
|
*
|
|
* Contains version information for the current WordPress release.
|
|
*
|
|
* @package WordPress
|
|
* @since 1.2.0
|
|
*/
|
|
|
|
/**
|
|
* The WordPress version string.
|
|
*
|
|
* Holds the current version number for WordPress core. Used to bust caches
|
|
* and to enable development mode for scripts when running from the /src directory.
|
|
*
|
|
* @global string $wp_version
|
|
*/
|
|
$wp_version = '5.9-beta2-52370';
|
|
|
|
/**
|
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
|
*
|
|
* @global int $wp_db_version
|
|
*/
|
|
$wp_db_version = 51917;
|
|
|
|
/**
|
|
* Holds the TinyMCE version.
|
|
*
|
|
* @global string $tinymce_version
|
|
*/
|
|
$tinymce_version = '49110-20201110';
|
|
|
|
/**
|
|
* Holds the required PHP version.
|
|
*
|
|
* @global string $required_php_version
|
|
*/
|
|
$required_php_version = '5.6.20';
|
|
|
|
/**
|
|
* Holds the required MySQL version.
|
|
*
|
|
* @global string $required_mysql_version
|
|
*/
|
|
$required_mysql_version = '5.0';
|