[wp-trac] [WordPress Trac] #54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar values

WordPress Trac noreply at wordpress.org
Fri Dec 10 22:08:25 UTC 2021

#54160: sanitize_key() / _wp_customize_include() is not able to handle non-scalar
 Reporter:  dd32                        |       Owner:  hellofromTonya
     Type:  defect (bug)                |      Status:  reopened
 Priority:  normal                      |   Milestone:  6.0
Component:  Formatting                  |     Version:
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:

Comment (by wppunk):

 > The function is clear that sanitizes a string key. The documentation is
 not incorrect. The usage is incorrect.

 Not all WordPress developers will check PHPDoc before usage. To understand
 that the function works only with strings, the function name isn't enough.

 > If the data type is scalar but not a string, then you're right, it does
 pass through without an error; else, a PHP Warning is thrown for `Warning:
 strtolower() expects parameter 1 to be string`. In this case, a
 `E_USER_NOTICE` could be triggered to alert of an incorrect data type
 passed to it.

 It worked for scalar and not string types without any messages.

 I have the following logic:
 - It worked with numbers a few years.
 - PHP isn't a strict typing language (at least PHP5.6 which WordPress

 To wrap up. I'm sure that a deprecation message should be added for scalar
 but not string types. In such a way, the strict typing implementation will
 be smooth.

Ticket URL: <https://core.trac.wordpress.org/ticket/54160#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list