[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Fri Nov 11 07:01:25 UTC 2022
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
------------------------------------------+---------------------
 Reporter:  bitcomplex                    |       Owner:  (none)
     Type:  defect (bug)                  |      Status:  new
 Priority:  normal                        |   Milestone:  6.2
Component:  Posts, Post Types             |     Version:  5.6.2
 Severity:  critical                      |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:
------------------------------------------+---------------------

Comment (by cadic):
Could be solved by replacing `get_object_vars()` with a wrapper function
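{{{#!php
<?php
/**
 * Wrapper for get_object_vars() that drops the null-byte key.
 *
 * @param object $object Object to read properties from.
 * @return array Properties without the "\0" key.
 */
function wp_get_object_vars( $object ) {
	$result = get_object_vars( $object );

	// unset() is a no-op for a missing key, and unlike an isset() guard
	// it also removes the key when its value is null.
	unset( $result[ chr( 0 ) ] );

	return $result;
}
}}}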
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform