From afa551294e7d96661ad64aedf9f66e6ebdcfc413 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Wed, 16 Jan 2019 06:04:51 +0000
Subject: [PATCH] Formatting: Add type checking to `_sanitize_text_fields()`. When a non-string value is passed, return an empty string. Props Mte90. Fixes #41450. git-svn-id: https://develop.svn.wordpress.org/trunk@44618 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/formatting.php | 4 ++++
 tests/phpunit/tests/formatting/SanitizeTextField.php | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index 4124b69287..ddc2de5488 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -5102,6 +5102,10 @@ function sanitize_textarea_field( $str ) {
 * @return string Sanitized string.
 */
 function _sanitize_text_fields( $str, $keep_newlines = false ) {
+ if ( ! is_string( $str ) ) {
+ return '';
+ }
+
 $filtered = wp_check_invalid_utf8( $str );
 if ( strpos( $filtered, '<' ) !== false ) {
diff --git a/tests/phpunit/tests/formatting/SanitizeTextField.php b/tests/phpunit/tests/formatting/SanitizeTextField.php
index e5d3d99c3a..62ee5573c3 100644
--- a/tests/phpunit/tests/formatting/SanitizeTextField.php
+++ b/tests/phpunit/tests/formatting/SanitizeTextField.php
@@ -93,6 +93,10 @@ class Tests_Formatting_SanitizeTextField extends WP_UnitTestCase {
 'Nested octects %%%ABABAB %A%A%ABBB',
 'Nested octects',
 ),
+ array(
+ array(),
+ '',
+ ),
 );
 }
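Review bot: The new guard `if ( ! is_string( $str ) )` at the top of `_sanitize_text_fields()` rejects integers, floats and booleans as well as arrays and objects. Those scalars were presumably coerced to strings by the calls below, so a caller that passes a numeric value would now get `''` back and silently lose it. If the intent is only to keep arrays and objects away from `wp_check_invalid_utf8()`, narrow the test to `if ( is_object( $str ) || is_array( $str ) ) {` and follow the guard with `$str = (string) $str;`. The docblock, which starts outside the hunk, should also say that non-string input returns an empty string, because callers treat this function as an input-sanitizing boundary. The function body continues past the end of the hunk.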
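Review bot: The added data set pins only the empty-array case, while the guard it exercises applies to every non-string type. Cases such as `array( null, '' ),` and `array( array( 'nested' ), '' ),` would cover the other rejected inputs. An explicit numeric case would make it a deliberate, tested decision whether a value like `123` is emptied or preserved. The provider method begins outside the hunk, so how each pair is consumed is not visible here.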