[wp-trac] [WordPress Trac] #64091: Add input validation for $data parameter in wp_add_inline_script()
WordPress Trac
noreply at wordpress.org
Mon Oct 13 12:50:51 UTC 2025
#64091: Add input validation for $data parameter in wp_add_inline_script()
------------------------------+-----------------------------
Reporter: parinpanjari | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.8.3
Severity: normal | Keywords: 2nd-opinion
Focuses: coding-standards |
------------------------------+-----------------------------
**Problem**: The `wp_add_inline_style()` function in `wp-
includes/functions.wp-styles.php` lacks validation for the `$data`
parameter, expected to be a non-empty string containing CSS. Invalid input
(e.g., `null`, array, or empty string) could cause PHP notices or
unexpected behavior in `WP_Styles::add_inline_style()`.
**Proposed Fix**: Add a type and emptiness check with `_doing_it_wrong()`
notice and return `false` on failure.
**Reasoning**:
- Prevents errors from invalid input.
- Aligns with WordPress API validation practices.
- Backward-compatible, only affects invalid calls.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64091>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list