[wp-trac] [WordPress Trac] #56434: Check that the input is a string in wp_strip_all_tags()
WordPress Trac
noreply at wordpress.org
Sun Aug 28 23:09:44 UTC 2022
#56434: Check that the input is a string in wp_strip_all_tags()
-------------------------------------------------+-------------------------
Reporter: chocofc1 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.1
Component: Formatting | Version: 2.9
Severity: minor | Resolution:
Keywords: has-patch has-unit-tests php81 2nd- | Focuses:
opinion |
-------------------------------------------------+-------------------------
Comment (by jrf):
@peterwilsoncc There are two parts of your argumentation which don't sit
well with me:
1. WPCS is not the right tool to verify whether a supported type is being
passed to a function. So, saying that WPCS is *not* demanding something is
a non-argument here. If you want to improve type-safety as a dev: use
PHPStan or Psalm.
2. Your code sample comparison doesn't make sense as everything received
from `$_POST` will always be a string, so no changes are needed for that
code.
What's left is your concern for error logs. Sorry, but with the default
settings of WP, these kind of notices would not show and not be logged. A
user/dev would have to actively turn notices on to see them, which is
exactly what plugin/theme devs should do and why adding the notice should
have no effect on end-users.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56434#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list