[wp-hackers] Changeset 11804

Chris Jean gaarai at gaarai.com
Tue Aug 11 20:21:09 UTC 2009


But it's not an empty array. Passing arr[]= as an argument does not pass
in an empty array. It passes in an array with a single empty element,
which is not an empty array.

So, array('') passes the empty check since it's not empty. Then when it
is forced to a string, it becomes an empty string.

This is why it is extremely-critical to do type checking.

Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/



Otto wrote:
> On Tue, Aug 11, 2009 at 2:32 PM, Chris Jean<gaarai at gaarai.com> wrote:
>   
>> The code actually has that exact test in it. wp-login.php line 190-191:
>>
>>    if ( empty( $key ) )
>>        return new WP_Error('invalid_key', __('Invalid key'));
>>
>> What it's not doing is a check for an array, which is why this works. So
>> not only do you have to validate, you have to type check.
>>     
>
> I don't follow that. An empty array is still empty.
>
> http://php.net/manual/en/function.empty.php
>
>  The following things are considered to be empty:
>
>     * "" (an empty string)
>     * 0 (0 as an integer)
>     * "0" (0 as a string)
>     * NULL
>     * FALSE
>     * array() (an empty array)
>     * var $var; (a variable declared, but without a value in a class)
>
>
> -Otto
> Sent from Memphis, TN, United States
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>   


More information about the wp-hackers mailing list