[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Sat Jul 1 07:46:22 UTC 2023
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
----------------------------------------------------+---------------------
Reporter: bitcomplex | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.3
Component: Posts, Post Types | Version: 5.6.2
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs-testing | Focuses:
----------------------------------------------------+---------------------
Comment (by oglekler):
@costdev @audrasjb @SergeyBiryukov @mukesh27, sorry for pinging you all,
but can you place look at this patch. The new function looks logical and
in WordPress tradition to replace PHP functions with owns to make them
more predictable with result, it is covered with unit tests;
get_object_vars() isn't replaced for the new wp_get_object_vars()
everywhere, but perhaps it is not needed.
@bitcomplex, what is the scenario when get_object_vars() gets an object
which has null as a property? It looks like a mistake from some other
place we are covering for, but fatal error is not pleasant.
I am also wondering if we need to add an error message to the debug log in
cases when it is actually happening to make this easier to debug for
developers who are making such a mistake.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list