[wp-trac] [WordPress Trac] #47164: map_deep in formatting.php do not handle null-byte

[WordPress Trac]

#47164: map_deep in formatting.php do not handle null-byte
--------------------------+-----------------------------
 Reporter:  bitcomplex    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Formatting    |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 {{{#!php
 <?php
 foreach ( $object_vars as $property_name => $property_value ) {
         $value->$property_name = map_deep( $property_value, $callback );
 }
 }}}

 The above code snippet in the function map_deep in formatting.php will
 trigger a fatal error if for some reason $property_name starts with a
 null-byte. null-bytes can exist in this context if $object_vars for some
 reason is from an object cast to an array. private and protected
 properties will be prefixed with null * null

 We've encountered it in the wild with serialized objects, and even though
 this is because of faulty programming (child classes with stricter access
 for properties than the parents) wordpress should handle this.

 The simples solution I can think of id to add:
 {{{#!php
 <?php
 foreach ( $object_vars as $property_name => $property_value ) {
                         **if (ord($property_name) === 0) {
                                 continue;
                         }**
                         $value->$property_name = map_deep(
 $property_value, $callback );
                 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47164>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform