Formatting: Add type checking to `_sanitize_text_fields()`.

When a non-string value is passed, return an empty string. Props Mte90. Fixes #41450. git-svn-id: https://develop.svn.wordpress.org/trunk@44618 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-16 06:04:51 +00:00 · 2019-01-16 06:04:51 +00:00 · afa551294e
parent 267c79a518
commit afa551294e
2 changed files with 8 additions and 0 deletions
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@ -5102,6 +5102,10 @@ function sanitize_textarea_field( $str ) {
 * @return string Sanitized string.
 */
 function _sanitize_text_fields( $str, $keep_newlines = false ) {
+	if ( ! is_string( $str ) ) {
+		return '';
+	}
+
 	$filtered = wp_check_invalid_utf8( $str );

 	if ( strpos( $filtered, '<' ) !== false ) {
--- a/tests/phpunit/tests/formatting/SanitizeTextField.php
+++ b/tests/phpunit/tests/formatting/SanitizeTextField.php
@ -93,6 +93,10 @@ class Tests_Formatting_SanitizeTextField extends WP_UnitTestCase {
 				'Nested octects %%%ABABAB %A%A%ABBB',
 				'Nested octects',
 			),
+			array(
+				array(),
+				'',
+			),
 		);
 	}