
Changeset 52294


Timestamp:
11/30/2021 09:00:32 PM ( 3 years ago)
Author:
SergeyBiryukov
Message:

Options, Meta APIs: Improve error handling in sanitize_option() .

To prevent potential false negatives, set $error to null initially, so we can better tell if it was ever changed during the sanitization and be able to better react if an empty string is added to it.

Additionally, and mainly for the sake of the Settings API at this point, add error messages to some WP_Error objects returned from wpdb methods that were previously causing the issues here.

Follow-up to [32791] .

Props iCaleb, audrasjb, hellofromTonya, SergeyBiryukov.
Fixes #53986 .

Location:
trunk
Files:
3 edited

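--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -4712,5 +4712,5 @@
 
     $original_value = $value;
-    $error          = '' ;
+    $error          = null ;
 
     switch ( $option ) {
@@ -4920,5 +4920,7 @@
             }
 
-            if ( 'permalink_structure' === $option && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value ) ) {
+            if ( 'permalink_structure' === $option && null === $error
+                && '' !== $ value && ! preg_match( '/%[^\/%]+%/', $value )
+            ) {
                 $error = sprintf(
                     /* translators: %s: Documentation URL. */
@@ -4949,5 +4951,10 @@
     }
 
-    if ( ! empty( $error ) ) {
+    if ( null !== $error ) {
+        if ( '' === $error && is_wp_error( $value ) ) {
+            /* translators: 1: Option name, 2: Error code. */
+            $error = sprintf( __( 'Could not sanitize the %1$s option. Error code: %2$s' ), $option, $value->get_error_code() );
+        }
+
         $value = get_option( $option );
         if ( function_exists( 'add_settings_error' ) ) {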
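Review bot: In the last hunk the fallback message is built only when `$error` is `''` and `$value` is a WP_Error, so an empty `$error` paired with any other `$value` still passes `null !== $error`, reverts to the stored option and carries an empty message forward. Whether a path outside these hunks can reach that state is not visible here, but a generic branch would close it: `} elseif ( '' === $error ) {` followed by `$error = sprintf( __( 'Could not sanitize the %s option.' ), $option );`. A short comment on `$error = null;` in the first hunk, saying that null means no error was recorded and `''` means an error was recorded without a message, would keep a later edit from collapsing the two states. sanitize_option() starts and ends outside these hunks.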
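--- a/trunk/src/wp-includes/wp-db.php
+++ b/trunk/src/wp-includes/wp-db.php
@@ -2886,5 +2886,5 @@
         $results     = $this->get_results( "SHOW FULL COLUMNS FROM $table" );
         if ( ! $results ) {
-            return new WP_Error( 'wpdb_get_table_charset_failure' );
+            return new WP_Error( 'wpdb_get_table_charset_failure' , __( 'Could not retrieve table charset.' ) );
         }
 
@@ -3328,5 +3328,5 @@
             $row                       = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A );
             if ( ! $row ) {
-                return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+                return new WP_Error( 'wpdb_strip_invalid_text_failure' , __( 'Could not strip invalid text.' ) );
             }
 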
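Review bot: The two new messages say what failed but not which table, and both guards (`! $results`, `! $row`) treat an empty result the same as a failed query. The commit message says these errors now reach the Settings API, so keeping the text generic is reasonable. The identifying detail could travel in the error data instead, for example `return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ), array( 'table' => $table ) );`. `$table` is in scope on the preceding context line of the first hunk; for the second hunk the equivalent variable lies outside the hunk. Both enclosing methods start and end outside these hunks.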
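--- a/trunk/tests/phpunit/tests/option/sanitize-option.php
+++ b/trunk/tests/phpunit/tests/option/sanitize-option.php
@@ -156,4 +156,5 @@
             array( '/%year%/%monthnum%/%day%/%postname%/', '/%year%/%monthnum%/%day%/%postname%/', true ),
             array( '/%year/%postname%/', '/%year/%postname%/', true ),
+            array( new WP_Error( 'wpdb_get_table_charset_failure' ), false, false ), // ticket 53986
         );
     }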
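Review bot: The added row passes a WP_Error that has no message, which presumably exercises the `'' === $error` fallback in sanitize_option(), but after this commit the wpdb methods return errors that do carry a message, and no row covers that path. A companion row such as `array( new WP_Error( 'wpdb_strip_invalid_text_failure', 'Could not strip invalid text.' ), false, false ),` would pin it. The test method that consumes this provider is outside the section, so whether it asserts on the message text, or only on the error's presence, cannot be confirmed from here.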