[wp-trac] [WordPress Trac] #48549: wp_kses_attr_check: add isset before accessing array key
WordPress Trac
noreply at wordpress.org
Sun Nov 10 03:07:31 UTC 2019
#48549: wp_kses_attr_check: add isset before accessing array key
---------------------------+-----------------------------
Reporter: tristanleboss | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.2.4
Severity: normal | Keywords: needs-patch
Focuses: |
---------------------------+-----------------------------
In file `wp-includes/kses.php`, the first line of the function
`wp_kses_attr_check` tries to use a function argument directly as an array
key without any check if it exists. This throws a notice in PHP if the key
doesn't exists.
As this function is publicly available, I think it would be a cool idea to
do some check before using the variable as an array key.
{{{#!php
<?php
function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element,
$allowed_html ) {
$allowed_attr = $allowed_html[ strtolower( $element ) ];
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48549>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list