[wp-trac] [WordPress Trac] #61244: The export_wp() function inserts empty <wp:comment> data when get_comment() returns a false or empty value

WordPress Trac noreply at wordpress.org
Wed Jul 2 23:58:37 UTC 2025 

#61244: The export_wp() function inserts empty <wp:comment> data when get_comment()
returns a false or empty value
-------------------------------------------------+-------------------------
 Reporter:  WPExplorer                           |       Owner:  audrasjb
     Type:  defect (bug)                         |      Status:  reviewing
 Priority:  normal                               |   Milestone:  6.9
Component:  Export                               |     Version:  4.4
 Severity:  minor                                |  Resolution:
 Keywords:  changes-requested has-test-info      |     Focuses:
  has-patch                                      |  administration
-------------------------------------------------+-------------------------
Changes (by SirLouen):

 * keywords:  reporter-feedback needs-test-info needs-refresh => changes-
     requested has-test-info has-patch


Comment:

 Replying to [comment:21 jorbin]:
 > To reproduce I made an mu-plugin with the code from the ticket
 description
 Ok, I can remember now what I was thinking back in the day:

 All the warnings are being caused by an unexpected value (the `false`)

 When I first reviewed `get_comment` I could not understand why the person
 was returning a `false` because  `get_comment` is not expecting to return
 a `bool` value:
 {{{
 @return WP_Comment|array|null Depends on $output value.
 }}}

 But a null at best.

 There is no sanitization of what the user can return after the filter and
 what gets to the next conditional block (which can end returning whatever
 value has been passed through the filter).

 So here I was thinking: "''If false was being used is normal that
 everything completely fails''".

 But after your comment, I'm rethinking this: if he had used
 `__return_null` instead, he could also expect to wipe all comments from
 export. And since `null` and `false` might behave similarly with
 `array_filter` then we could expect the same result whatever the formula
 we use (despite it's a little out of the boundaries)

 So I wonder if:
 A) `get_comment` should also be reviewed to accept a `bool` return, or
 B) better sanitize the "filtered comment".

 > The [https://github.com/WordPress/wordpress-
 develop/pull/8383#pullrequestreview-2979999548 refresh is described on the
 PR].
 Oh, you meant `changes-requested` for the tests 👍. I'm going to fix this.
 cc @abcd95

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61244#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list