[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte

WordPress Trac noreply at wordpress.org
Sat Jul 1 11:20:19 UTC 2023


#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
----------------------------------------------------+---------------------
 Reporter:  bitcomplex                              |       Owner:  (none)
     Type:  defect (bug)                            |      Status:  new
 Priority:  normal                                  |   Milestone:  6.3
Component:  Posts, Post Types                       |     Version:  5.6.2
 Severity:  normal                                  |  Resolution:
 Keywords:  has-patch has-unit-tests needs-testing  |     Focuses:
----------------------------------------------------+---------------------

Comment (by costdev):

 Thanks for the ping @oglekler! I meant to get a closer look at this sooner
 but only ever had a cursory look during scrubs or when taking a look at
 test failures on the `map_deep()` ticket.

 Sergey was able to [https://core.trac.wordpress.org/ticket/47164#comment:3
 reproduce the issue] on the `map_deep()` ticket, and
 [https://3v4l.org/ScIk3 here's a 3v4l] that might help to visualise the
 issue and the proposed patch.

 My thoughts on whether to patch this:

 - Is the value containing `NUL` bytes produced by Core?
   - If the answer is no, then this is an `enhancement` request to add
 support for `NUL` bytes, not a `defect (bug)` report, and should be moved
 out of the 6.3 milestone as we're now in Beta. (Note: A Fatal Error
 doesn't necessarily mean a bug in Core; it could just mean that PHP says
 "no" to something extenders are trying to do with Core.)
 - Is the use case valid?
   - If so, we should continue.
   - If not, we should consider closing this as `invalid` as the issue
 should be rectified where the value is generated and/or stored.

 Without more information, it's hard to classify this ticket before
 deciding the right course of action. I'd suggest adding
 `reporter-feedback` so we have the information necessary to move forward.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

