[wp-trac] [WordPress Trac] #37077: Replacing one variable handler for another to ensure proper conditional check occurs 100%.
WordPress Trac
noreply at wordpress.org
Mon Jun 13 04:52:31 UTC 2016
#37077: Replacing one variable handler for another to ensure proper conditional
check occurs 100%.
-------------------------+------------------------------
Reporter: chadschulz | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.5.2
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by chadschulz):

Oddly, I just found a possible source of the "bad code". There's an issue
inside HHVM that affects multidimensional arrays using `http_build_query`
with `enc_type = PHP_QUERY_RFC3986` which might allow them to slip past
`!is_scalar()`.

Turns out one of the plugins I'm using, Shield WordPress Security, uses
that kind of array. So this might all be a (fixable) bug inside HHVM.

However, this sort of "glitch" should still not be allowed through core as
the point of this particular `!is_scalar()` conditional is to filter out
junk that won't pass `rawurlencode()`. And `!is_string()` isn't any slower
than `!is_scalar()`--initial benchmarks show it might actually be a tad
faster. It's also more specific to this purpose.

So, I stand by my initial patch request.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37077#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
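
The two guards discussed in the comment above differ in which leaf values they let reach `rawurlencode()`. The following is an added example, not code from the ticket, its patch, or WordPress core; the `encode_deep()` helper and the sample array are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: encode_deep() is a hypothetical helper, not WordPress core code.

/**
 * Recursively walk $value and rawurlencode() every leaf that passes $guard.
 * Leaves that fail the guard are returned unchanged, so the output shows
 * exactly which types each guard treats as "encodable".
 */
function encode_deep($value, callable $guard) {
    if (is_array($value)) {
        $out = [];
        foreach ($value as $key => $item) {
            $out[$key] = encode_deep($item, $guard);
        }
        return $out;
    }
    // Explicit cast so the call is also valid under strict_types.
    return $guard($value) ? rawurlencode((string) $value) : $value;
}

// Constructed sample input: a nested array mixing the leaf types a
// query-string builder may encounter.
$sample = [
    'text'   => 'a b&c',
    'int'    => 42,
    'float'  => 1.5,
    'bool'   => true,
    'null'   => null,
    'nested' => ['inner' => 'x/y', 'n' => 7],
];

// Run the same data through both guards and dump the results side by side.
foreach (['is_scalar', 'is_string'] as $guard) {
    echo $guard, ":\n";
    var_export(encode_deep($sample, $guard));
    echo "\n\n";
}
```

With `is_scalar` as the guard, the integer, float and boolean leaves are cast to strings and encoded along with the string leaves; with `is_string`, only the string leaves are encoded and every other leaf is returned as it was.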