[wp-trac] [WordPress Trac] #34405: Retrieval of meta value that is an array.
WordPress Trac
noreply at wordpress.org
Fri Oct 23 00:10:53 UTC 2015
#34405: Retrieval of meta value that is an array.
--------------------------------+-----------------------------
Reporter: alexwbaumann | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Options, Meta APIs | Version: 4.3.1
Severity: normal | Keywords:
Focuses: |
--------------------------------+-----------------------------
Simply using $post->meta_value automatically runs get_post_meta(). This
happens in [https://core.trac.wordpress.org/browser/tags/4.3.1/src/wp-
includes/post.php#L748] (post.php line 748).
That value then goes into sanitize_post_field()
[https://core.trac.wordpress.org/browser/tags/4.3.1/src/wp-
includes/post.php#L751] (post.php line 751). The value then gets modified
at [https://core.trac.wordpress.org/browser/tags/4.3.1/src/wp-
includes/post.php#L2215] (post.php line 2251) through esc_attr().
Codex entry for [https://codex.wordpress.org/Function_Reference/esc_attr]
(esc_attr()) shows that the only parameter that should be sent is a
string.
This process works for strings. However, if our meta value is an array, we
get a PHP notice (Notice: Array to string conversion in /var/www/html/wp
/wp-includes/formatting.php on line 959). Then returns a sting(5) 'Array'
instead of the actual array.
I think that the best option may be to edit esc_attr() or the subsequent
function wp_check_invalid_utf8() to allow for arrays to be passed to them.
Alternatively the quick dirty fix would be to not send an array into
sanitize_post_field.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34405>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list