[wp-trac] [WordPress Trac] #38203: Remove `absint` on object IDs in `delete_metadata`, etc

Thu Jul 17 22:13:24 UTC 2025

#38203: Remove `absint` on object IDs in `delete_metadata`, etc
--------------------------------+------------------------------
 Reporter:  peterwilsoncc       |       Owner:  (none)
     Type:  defect (bug)        |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  Options, Meta APIs  |     Version:  2.9
 Severity:  normal              |  Resolution:
 Keywords:  2nd-opinion         |     Focuses:
--------------------------------+------------------------------

Comment (by johnjamesjacoby):

 [bb6302] introduced `bbp_number_not_negative()` (see #bb3059) with
 similar'ish intention, and I think a patch to WordPress would benefit from
 what bbPress did there.

 It is often used via a filter, so it:
 * guards against non-numeric values being passed in
 * uses `intval( $number )` to set the value using the current PHP
 environments settings
 * uses `max( 0, $number )` to prevent it from being negative while
 allowing `0`
 * Optional – pass the return, int, and original values through its own
 filter

 > I'd like to keep the ticket open as I still think absint() is invalid in
 this context, passing $object_id = -4 shouldn't update object 4. intval()
 combined with checking for a positive number is a better but problematic
 in its own ways.

 What if we bail early and return a `WP_Error` if a negative number is
 detected? I like the idea of being firm when we're preventing data from
 being saved in ways that were not intended.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/38203#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform