[wp-trac] [WordPress Trac] #52738: Use of get_object_vars does not handle null byte
WordPress Trac
noreply at wordpress.org
Tue Mar 9 14:56:39 UTC 2021
#52738: Use of get_object_vars does not handle null byte
--------------------------+-----------------------------
 Reporter:  bitcomplex    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  5.6.2
 Severity:  critical      |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
In places where get_object_vars is used to loop over an object's properties
and then trying to access them, null bytes are not handled.

There is an old bug report (from me) for map_deep
https://core.trac.wordpress.org/ticket/47164 but now we are experiencing
this in other places too; in sanitize_post and in the constructor of
class-wp-post.

This is totally destroying our business and I don't know what to do. Since
I reported the issue for map_deep I have had to manually patch
formatting.php every time there is a WordPress update. But now, trying to
handle all the places get_object_vars is used is hopeless.

Best approach to handle this would be to always filter the return values
from get_object_vars. Something like:
{{{#!php
<?php
// Keep only properties whose name does not start with a null byte.
$properties = array_filter(
	get_object_vars( $object ),
	fn( $key ) => ord( $key ) !== 0,
	ARRAY_FILTER_USE_KEY
);
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
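
The failure mode reported above and the proposed key filter, side by side, as an added example that is not part of the original ticket or of WordPress core. The helper names `accessible_vars()` and `copy_vars()` are hypothetical, and `$vars` is a constructed array standing in for a `get_object_vars()` result.

```php
<?php
// Hypothetical helper (not a WordPress function): drop entries whose
// property name starts with a NUL byte, which PHP refuses to access.
function accessible_vars( array $vars ): array {
	return array_filter(
		$vars,
		static fn( $name ) => 0 !== strncmp( (string) $name, "\0", 1 ),
		ARRAY_FILTER_USE_KEY
	);
}

// Loop of the shape the ticket describes: copy every entry onto an object
// by using the array key as a property name.
function copy_vars( array $vars, object $target ): object {
	foreach ( $vars as $name => $value ) {
		$target->{$name} = $value; // Throws Error when $name starts with "\0".
	}
	return $target;
}

// Constructed input standing in for a get_object_vars() result.
$vars = array(
	'post_title' => 'Hello',
	"\0hidden"   => 'x',
);

// Unfiltered: the loop aborts on the NUL-prefixed name.
try {
	copy_vars( $vars, new stdClass() );
	echo 'unfiltered: copied', PHP_EOL;
} catch ( Error $e ) {
	echo 'unfiltered: ', get_class( $e ), PHP_EOL;
}

// Filtered: the NUL-prefixed entry is dropped and the remaining
// properties are copied normally.
$post = copy_vars( accessible_vars( $vars ), new stdClass() );
echo 'filtered: ', implode( ', ', array_keys( get_object_vars( $post ) ) ), PHP_EOL;
```

Dropping the entry avoids the fatal error but also discards that value, so callers that need the data have to rename the key instead of filtering it.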