[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Sat Jul 1 16:45:11 UTC 2023
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
-------------------------------------------------+-------------------------
 Reporter:  bitcomplex                           |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  6.3
Component:  Posts, Post Types                    |     Version:  5.6.2
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests             |     Focuses:
  needs-testing changes-requested                |
-------------------------------------------------+-------------------------
Changes (by costdev):
 * keywords:  has-patch has-unit-tests needs-testing =>
     has-patch has-unit-tests needs-testing changes-requested
Comment:
 Certainly the implementation in `map_deep()`, for example, doesn't take an
 `(object) (array) $object` scenario into account, nor does its
 documentation exclude that scenario. In that regard, we could do with
 improving the implementation to account for this.

 While introducing and implementing `wp_get_object_vars()` should cover
 that scenario, I'm aware that this also enables extenders to forego good
 practice of following migration principles.

 I've left a review on
 [https://github.com/WordPress/wordpress-develop/pull/3607 PR 3607] to tidy
 things up and meet Core standards/convention should it get support for
 inclusion in Core. Adding `changes-requested` to indicate the current
 status of the patch.

 As @oglekler mentions, there are other instances of `get_object_vars()` in
 Core that haven't been changed to use `wp_get_object_vars()`. As the PR
 adds tests for each of the changed calls, we may either want to do
 everything at once, or follow up with additional patches to tackle the
 rest where applicable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform