[wp-trac] [WordPress Trac] #54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar values

WordPress Trac noreply at wordpress.org
Fri Dec 10 21:48:53 UTC 2021


#54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar
values
----------------------------------------+-----------------------------
 Reporter:  dd32                        |       Owner:  hellofromTonya
     Type:  defect (bug)                |      Status:  reopened
 Priority:  normal                      |   Milestone:  6.0
Component:  Formatting                  |     Version:
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:
----------------------------------------+-----------------------------

Comment (by hellofromTonya):

 Replying to [comment:22 wppunk]:
 >It shouldn't work in this way if this code worked for the int, float,
 bool types. That means the documentation was incorrect.

 The function is clear that sanitizes a string key. The documentation is
 not incorrect. The usage is incorrect.

 I appreciate that it adds work on your end to adjust your code to only
 pass a string key to it.

 >Because this bug is floating, it is pretty challenging to find this
 floating bug.

 If the data type is scalar but not a string, then you're right, it does
 pass through without an error; else, a PHP Warning is thrown for `Warning:
 strtolower() expects parameter 1 to be string`. In this case, a
 `E_USER_NOTICE` could be triggered to alert of an incorrect data type
 passed to it.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54160#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list