Opened 5 months ago
Last modified 3 months ago
#60650 new defect (bug)
sanitize_locale_name() should reject non-strings
| Reported by: |
dd32
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | lowest |
| Severity: | trivial | Version: | 6.2.1 |
| Component: | I18N | Keywords: | close |
| Focuses: | Cc: |
Description
While debugging some locale-related oddities, I ran into sanitize_locale_name() happily accepting arrays.
wp> sanitize_locale_name( [ 'test@test' => 'test@test' ] );
array(1) {
'test@test' =>
string(8) "testtest"
}
This is not uncommon for WordPress functions that rely upon preg_replace() and a number of other sanitize functions behave similarly.
I would expect an array input to return either '' as array( .. ) is not a valid string.
Change History (3)
@
#2
in reply to:
↑ description
@
5 months ago
Replying to dd32:
and a number of other sanitize functions behave similarly.
It seems like only sanitize_key() has a check for is_scalar()? I guess if sanitize_locale_name() needs to be updated we should make all sanitize functions consistent in this way.
Note: See
TracTickets for help on using
tickets.
Returning an empty string if the input is not a string souvds reasonable. However, note that the docblock says the function expects a string.