[wp-trac] [WordPress Trac] #54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar values

WordPress Trac noreply at wordpress.org
Fri Dec 10 21:13:59 UTC 2021


#54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar
values
----------------------------------------+-----------------------------
 Reporter:  dd32                        |       Owner:  hellofromTonya
     Type:  defect (bug)                |      Status:  reopened
 Priority:  normal                      |   Milestone:  5.9
Component:  Formatting                  |     Version:
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:
----------------------------------------+-----------------------------
Changes (by hellofromTonya):

 * keywords:  has-patch has-unit-tests => has-patch needs-unit-tests


Comment:

 @wppunk Thank you for providing a sample of the code. An integer, i.e. the
 index of an array, does not need to be sanitized.

 Here's an example of how to adjust your dynamic code
 https://3v4l.org/9sgAf.

 As I previously noted, `sanitize_key()` expects a string key. See the
 documentation here
 https://developer.wordpress.org/reference/functions/sanitize_key/. Notice
 that it says "Sanitizes a string key."

 Why did it work in 5.8, but doesn't now?

 Improvements have been made in 5.9 to validate the values given to
 functions to ensure they are of the documented data type. Passing anything
 other than a string value is considered a bug, i.e. doing it wrong.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54160#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list