[wp-meta] [Making WordPress.org] #2925: occurence of literal '\0' in docblock `@param` of wp_kses_no_null() causes a null character in the corresponding meta_value

Making WordPress.org noreply at wordpress.org
Tue Jul 4 19:13:25 UTC 2017 

#2925: occurence of literal '\0' in docblock `@param` of wp_kses_no_null() causes
a null character in the corresponding meta_value
---------------------------+-----------------
 Reporter:  pbiron         |      Owner:
     Type:  defect         |     Status:  new
 Priority:  normal         |  Milestone:
Component:  Developer Hub  |   Keywords:
---------------------------+-----------------
 The docblock for
 [[https://developer.wordpress.org/reference/functions/wp_kses_no_null/|wp_kses_no_null()]]
 is as follows:

 {{{#!php
 <?php
 /**
  * Removes any invalid control characters in $string.
  *
  * Also removes any instance of the '\0' string.
  *
  * @since 1.0.0
  *
  * @param string $string
  * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed.
 Default is 'remove'.
  * @return string
  */
 }}}

 The occurrence of `\0` in the description of `@param array $options`
 results in a null character being written to the corresponding meta_value.

 I discovered this after exporting my local mirror of DevHub and then doing
 an XML parser of the WXR: the null character is illegal in XML and was
 reported as such by the XML parser.

 I don't know if this is a problem with `parsedown` or somewhere else in
 `phpdoc-parser`.  Oddly enough, the occurrence of `\0` in the short
 description causes no problems.

 Double-escaping `\0` in the `@param` corrects the problem, as in:

 {{{#!php
 <?php
 /**
  * Removes any invalid control characters in $string.
  *
  * Also removes any instance of the '\0' string.
  *
  * @since 1.0.0
  *
  * @param string $string
  * @param array $options Set 'slash_zero' => 'keep' when '\\\\0' is
 allowed. Default is 'remove'.
  * @return string
  */
 }}}

 As of today, this is the only occurrence of `\0` in a `@param` in all of
 the sources

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/2925>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list