[wp-hackers] Changeset 11804
Chris Jean
gaarai at gaarai.com
Tue Aug 11 20:21:09 UTC 2009
But it's not an empty array. Passing arr[]= as an argument does not pass
in an empty array. It passes in an array with a single empty element,
which is not an empty array.
So, array('') passes the empty check since it's not empty. Then when it
is forced to a string, it becomes an empty string.
This is why it is extremely-critical to do type checking.
Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/
Otto wrote:
> On Tue, Aug 11, 2009 at 2:32 PM, Chris Jean<gaarai at gaarai.com> wrote:
>
>> The code actually has that exact test in it. wp-login.php line 190-191:
>>
>> if ( empty( $key ) )
>> return new WP_Error('invalid_key', __('Invalid key'));
>>
>> What it's not doing is a check for an array, which is why this works. So
>> not only do you have to validate, you have to type check.
>>
>
> I don't follow that. An empty array is still empty.
>
> http://php.net/manual/en/function.empty.php
>
> The following things are considered to be empty:
>
> * "" (an empty string)
> * 0 (0 as an integer)
> * "0" (0 as a string)
> * NULL
> * FALSE
> * array() (an empty array)
> * var $var; (a variable declared, but without a value in a class)
>
>
> -Otto
> Sent from Memphis, TN, United States
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list