[wp-trac] [WordPress Trac] #62643: Prevent errors from `printf()` and `sprintf()` calls

Thu Oct 23 15:50:00 UTC 2025

#62643: Prevent errors from `printf()` and `sprintf()` calls
-------------------------+------------------------------
 Reporter:  grapestain   |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  I18N         |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:
-------------------------+------------------------------

Comment (by barry.hughes):

 Tightening things up on GlotPress is definitely going to be helpful, so
 it's great to see [https://github.com/GlotPress/GlotPress/issues/1877
 #1877] being logged, but I'm not sure it represents a complete solution.

 - Not all translations are obtained via a GlotPress instance. Even those
 that do, may be modified at runtime (may be filterable).
 - Those that ''are'' fetched from GlotPress don't always flow through the
 'official' instance at [https://translate.wordpress.org
 translate.wordpress.org] (and so the process of obtaining updated
 translations may be a less seamless experience, in some cases).

 As already covered, under modern PHP runtimes this problem leads to an
 ArgumentCountError and if it happens during a critical path of some kind,
 it could take down an entire site, so I still think there are legs in the
 suggestion from @grapestain that we introduce wrapper functions in
 WordPress itself.

 I'd also offer the following adaptation of his suggestion, which is that
 instead of wrapping `sprintf()` and its siblings, we offer a set of new
 translation functions that parallel the existing ones. This might also
 offer better developer ergonomics. For instance, instead of writing code
 like:

 {{{#!php
 sprintf(
         __(
                 'My string with %splaceholders%s',
                 'text-domain'
         ),
         '<em>',
         '</em>'
 );
 }}}

 We might have:

 {{{#!php
 # The 's' stands for substitution:
 __s(
         'My string with %splaceholders%s',
         'text-domain'
         '<em>',
         '</em>'
 );
 }}}

 Internally, the function would count (or estimate) the number of
 placeholders, and if necessary inflate the number of args provided to
 `sprintf()` to avoid fatal errors. It could also log an error.

 Alternatively, it could perhaps use a `try {} catch (Throwable $e) {}`
 structure and, if we enter the catch block, log an error or emit a warning
 but otherwise do nothing (doing nothing being arguably preferable to
 crashing the site). I believe this would be compatible with earlier PHP
 runtimes like 5.6, even if in those cases the structure isn't used.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62643#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform