[wp-trac] [WordPress Trac] #53235: Ensure consistent type for integer properties of WP_Post, WP_Term, and WP_User

WordPress Trac noreply at wordpress.org
Wed May 19 22:12:25 UTC 2021


#53235: Ensure consistent type for integer properties of WP_Post, WP_Term, and
WP_User
----------------------------+-----------------------------
 Reporter:  SergeyBiryukov  |       Owner:  SergeyBiryukov
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:  5.8
Component:  General         |     Version:
 Severity:  normal          |  Resolution:  fixed
 Keywords:  has-patch       |     Focuses:
----------------------------+-----------------------------
Description changed by SergeyBiryukov:

Old description:

> Background: #52995.
>
> Some properties of the `WP_Post`, `WP_Term`, and `WP_User` classes are
> documented as integers, so it should be a safe assumption to always treat
> them as such. However, that is not the case when `get_post()` or
> `get_term()` is called with an `edit`, `attribute`, or `js` context,
> because all values are run through `esc_attr()` or `esc_js()` in that
> case, and these properties are unexpectedly converted to strings.
>
> As WordPress moves to strict type comparisons in tickets like #52627 or
> #52482, it is important to make the type of these properties consistent
> in all contexts, so that using strict comparison does not cause
> unexpected issues.
>
> This applies to the following functions:
>
> * `sanitize_post_field()`
> * `sanitize_term_field()`
> * `sanitize_user_field()`
>
> and the following properties:
>
> * `WP_Post::ID`
> * `WP_Post::post_parent`
> * `WP_Post::menu_order`
> * `WP_Term::parent`
> * `WP_Term::term_id`
> * `WP_Term::count`
> * `WP_Term::term_group`
> * `WP_Term::term_taxonomy_id`
> * `WP_Term::object_id`
> * `WP_User::ID`

New description:

 Background: #52995.

 Some properties of the `WP_Post`, `WP_Term`, and `WP_User` classes are
 documented as integers, so it should be a safe assumption to always treat
 them as such. However, that is not the case when `get_post()` or
 `get_term()` is called with an `edit`, `attribute`, or `js` context,
 because all values are run through `esc_attr()` or `esc_js()` in that
 case, and these properties are unexpectedly converted to strings.

 As WordPress moves to strict type comparisons in tickets like #52627 or
 #52482, it is important to make the type of these properties consistent in
 all contexts, so that using strict comparison does not cause unexpected
 issues.

 This applies to the following functions:

 * `sanitize_post_field()`
 * `sanitize_term_field()`
 * `sanitize_user_field()`

 and the following properties:

 * `WP_Post::ID`
 * `WP_Post::post_parent`
 * `WP_Post::menu_order`
 * `WP_Term::term_id`
 * `WP_Term::term_taxonomy_id`
 * `WP_Term::parent`
 * `WP_Term::count`
 * `WP_Term::term_group`
 * `WP_User::ID`

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53235#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
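
The type change described in the ticket, as an added example that is not part of the original message and is not WordPress core code. It is a simplified model: the `demo_*` functions and the sample row are hypothetical, and `htmlspecialchars()` stands in for `esc_attr()`.

```php
<?php
declare(strict_types=1);

// Integer properties the ticket lists for WP_Post.
const DEMO_INT_FIELDS = ['ID', 'post_parent', 'menu_order'];

// Stand-in for esc_attr() (assumption): like the real function, it always returns a string.
function demo_esc_attr($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Behaviour the ticket describes: every value is escaped in the 'attribute'
// context, so a field that was cast to int comes back as a string.
function demo_sanitize_field_before(string $field, $value, string $context) {
    if (in_array($field, DEMO_INT_FIELDS, true)) {
        $value = (int) $value;
    }
    if ($context === 'attribute') {
        return demo_esc_attr($value);
    }
    return $value;
}

// Consistent typing: integer fields are cast and returned before any
// context-specific escaping, since an int needs no HTML or JS escaping.
function demo_sanitize_field_after(string $field, $value, string $context) {
    if (in_array($field, DEMO_INT_FIELDS, true)) {
        return (int) $value;
    }
    if ($context === 'attribute') {
        return demo_esc_attr($value);
    }
    return $value;
}

// Constructed sample: a raw database row (all strings) and a strict parent check.
$row = ['ID' => '42', 'post_parent' => '7', 'post_title' => 'A "quoted" title'];
$expected_parent = 7;

foreach (['raw', 'attribute'] as $context) {
    $before = demo_sanitize_field_before('post_parent', $row['post_parent'], $context);
    $after  = demo_sanitize_field_after('post_parent', $row['post_parent'], $context);
    printf("%-9s before: %-7s strict match: %-5s | after: %-7s strict match: %s\n",
        $context, gettype($before), var_export($before === $expected_parent, true),
        gettype($after), var_export($after === $expected_parent, true));
}
// Non-integer fields are still escaped in the 'attribute' context.
echo demo_sanitize_field_after('post_title', $row['post_title'], 'attribute'), "\n";
```

A strict `===` check against an integer ID only holds in every context once the integer fields bypass the escaping step, which is why the ticket ties the change to the move to strict comparisons.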

