[wp-trac] [WordPress Trac] #48035: Extra security against warning error for shortcodes

WordPress Trac noreply at wordpress.org
Sat Sep 14 06:46:47 UTC 2019 

#48035: Extra security against warning error for shortcodes
---------------------------+----------------------
 Reporter:  ignatiusjeroe  |       Owner:  (none)
     Type:  enhancement    |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Shortcodes     |     Version:  5.2.3
 Severity:  minor          |  Resolution:  wontfix
 Keywords:                 |     Focuses:
---------------------------+----------------------
Changes (by SergeyBiryukov):

 * keywords:  close =>
 * status:  new => closed
 * resolution:   => wontfix
 * milestone:  Awaiting Review =>


Old description:

> Function 'shortcode_regex( $tagnames = null )' expects an array. But if
> the users enters a string it triggers an php warning error. It's would be
> better to just type set the parameter to an array. For example:
>

> function get_shortcode_regex( $tagnames = null ) {
>         global $shortcode_tags;
>
>         $tagnames = (array) $tagnames; // string typeset to an array.
> Alternate version: settype( $tagname, 'array' );
>
>         if ( empty( $tagnames ) ) {
> //....more core code
>
> source: includes/shortcodes.php

New description:

 Function 'shortcode_regex( $tagnames = null )' expects an array. But if
 the users enters a string it triggers an php warning error. It's would be
 better to just type set the parameter to an array. For example:

 {{{
 function get_shortcode_regex( $tagnames = null ) {
         global $shortcode_tags;

         $tagnames = (array) $tagnames; // string typeset to an array.
 Alternate version: settype( $tagname, 'array' );

         if ( empty( $tagnames ) ) {
 //....more core code
 }}}
 source: includes/shortcodes.php

--

Comment:

 Hi there, welcome to WordPress Trac! Thanks for the ticket.

 I agree with the comment above.

 This looks similar to the discussions in #17299, #18927, #23767, and
 #27489 (those tickets are unrelated to this particular function, but they
 suggest a similar enhancement for other functions). The consensus was that
 we should not hide warnings caused by developer errors, unless there is a
 strong reason. It would just make debugging harder.

 If a valid parameter generates a warning, we should certainly fix that.
 However, in case of an invalid parameter, I think the warning is to be
 expected.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48035#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list