[wp-trac] [WordPress Trac] #54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar values
WordPress Trac
noreply at wordpress.org
Wed Sep 22 07:46:15 UTC 2021
#54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar
values
--------------------------+-----------------------------
 Reporter:  dd32          |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Formatting    |    Version:
 Severity:  normal        |   Keywords:  has-patch
  Focuses:                |
--------------------------+-----------------------------
On WordPress.org it's common to see PHP Warnings such as the following:

> E_WARNING: strtolower() expects parameter 1 to be string, array given in wp-includes/formatting.php:2140

This is ultimately being triggered by a request similar to
https://example.org/?customize_changeset_uuid[]=junk

This query variable is not intended to contain an array, and the above
warning is triggered by `_wp_customize_include()` calling
`sanitize_key( array( ... ) )`.

Either `_wp_customize_include()` should validate the input, or
`sanitize_key()` should validate the input to the function. Normally I
would lean towards the former, but in this case I think it might be better
for the latter for where it's called in other contexts.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54160>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
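
The two options named in the report, shown side by side as an added example that is not part of the ticket, its patch, or WordPress core. The function names `example_sanitize_key()` and `example_read_changeset_uuid()` are hypothetical, and the query strings are constructed samples.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core code.

/**
 * Validation inside the sanitizer: non-scalar input (array, object, null)
 * yields '' instead of being passed to strtolower().
 */
function example_sanitize_key( $key ) {
    if ( ! is_scalar( $key ) ) {
        return '';
    }
    $key = strtolower( (string) $key );
    // Keep only lowercase alphanumerics, underscores and dashes.
    return preg_replace( '/[^a-z0-9_\-]/', '', $key );
}

/**
 * Validation in the caller: the query variable must be a string
 * before it ever reaches the sanitizer.
 */
function example_read_changeset_uuid( array $query ) {
    $raw = $query['customize_changeset_uuid'] ?? null;
    if ( ! is_string( $raw ) ) {
        return null; // Array-valued or missing parameter: treat as absent.
    }
    return example_sanitize_key( $raw );
}

// Constructed sample query strings, parsed the way PHP fills $_GET.
$samples = array(
    'customize_changeset_uuid[]=junk',     // array-valued, as in the report
    'customize_changeset_uuid=ABC-123_x!', // ordinary string value
    'other=1',                             // parameter absent
);

foreach ( $samples as $qs ) {
    parse_str( $qs, $query );
    $direct  = example_sanitize_key( $query['customize_changeset_uuid'] ?? null );
    $guarded = example_read_changeset_uuid( $query );
    printf(
        "%-38s sanitizer=%s caller=%s\n",
        $qs,
        var_export( $direct, true ),
        var_export( $guarded, true )
    );
}
```

Guarding inside the sanitizer covers every call site at once, while the caller-side check lets the caller tell an absent or malformed parameter (`null`) apart from one that sanitized to an empty string.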