[wp-trac] [WordPress Trac] #29722: wp_localize_script should be able to manage scalars

WordPress Trac noreply at wordpress.org
Wed Sep 23 16:24:02 UTC 2015 

#29722: wp_localize_script should be able to manage scalars
----------------------------------+------------------------------
 Reporter:  Fab1en                |       Owner:
     Type:  defect (bug)          |      Status:  new
 Priority:  normal                |   Milestone:  Awaiting Review
Component:  I18N                  |     Version:  3.3
 Severity:  normal                |  Resolution:
 Keywords:  has-patch needs-docs  |     Focuses:  javascript
----------------------------------+------------------------------

Comment (by jtsternberg):

 Replying to [comment:9 boonebgorges]:
 > > Scalars should work (they actually do, but not w/o warnings).
 >
 > > Changing this to a defect/bug because it's actually a bug in the way
 it's written (looping through $l10n by casting $l10n to an array but not
 checking if it's an array before stuffing an array key/value).
 >
 > They almost work. The `$l10n[$key]` bit means that HTML entities in
 scalars aren't currently decoded. The fact that this use throws a PHP
 notice is probably helpful to developers, as it lets them know that the
 decoding/sanitization is not taking place properly.

 Ah, yes, I missed that part (that the value was not being
 decoded/sanitized).

 > I don't see the huge hardship in just passing a singleton array as
 `$l10n` :) but I don't see any harm in accepting scalars here. The patch
 looks OK to me, but we need to have improved documentation - the docs for
 `wp_localize_script()` are already subpar, and this syntax enhancement
 makes it even less clear how the function is intended to be used.

 I'll add additional documentation, but I also discovered another path
 where the values would not be decoded/sanitized, and that is if `$l10n`
 had a multi-dimensional array. Any values deeper than the first level
 would be left untouched. This is because of the `if ( ! is_scalar( $value
 ) ) { continue;   }` check in the loop. I'm thinking maybe we want to do
 the `html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8')`
 recursively? If you agree, I can update this patch to create a recursive
 method for doing so.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29722#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list