Bootstrap/Load: Make sure add_magic_quotes() does not inappropriately recast non-string data types to string.

Props donmhico, jrf, Veraxus, Rarst. Fixes #48605. git-svn-id: https://develop.svn.wordpress.org/trunk@48205 602fd350-edb4-49c9-b593-d223f7449a82
2020-06-28 21:02:18 +00:00 · 2020-06-28 21:02:18 +00:00 · e5e4f0d977
commit e5e4f0d977
parent 5289a345cf
2 changed files with 68 additions and 0 deletions
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@ -1219,6 +1219,7 @@ function wp_removable_query_args() {
 * Walks the array while sanitizing the contents.
 *
 * @since 0.71
+ * @since 5.5.0 Non-string values are left untouched.
 *
 * @param array $array Array to walk while sanitizing contents.
 * @return array Sanitized $array.
@ -1227,10 +1228,13 @@ function add_magic_quotes( $array ) {
 	foreach ( (array) $array as $k => $v ) {
 		if ( is_array( $v ) ) {
 			$array[ $k ] = add_magic_quotes( $v );
+		} elseif ( ! is_string( $v ) ) {
+			continue;
 		} else {
 			$array[ $k ] = addslashes( $v );
 		}
 	}
+
 	return $array;
 }

--- a/tests/phpunit/tests/functions/addMagicQuotes.php
+++ b/tests/phpunit/tests/functions/addMagicQuotes.php
@ -0,0 +1,64 @@
+<?php
+
+/**
+ * @group formatting
+ * @group functions.php
+ */
+class Tests_Functions_AddMagicQuotes extends WP_UnitTestCase {
+
+	/**
+	 * @ticket 48605
+	 *
+	 * @dataProvider data_add_magic_quotes
+	 *
+	 * @param array $test_array Test value.
+	 * @param array $expected   Expected return value.
+	 */
+	function test_add_magic_quotes( $test_array, $expected ) {
+		$this->assertSame( $expected, add_magic_quotes( $test_array ) );
+	}
+
+	/**
+	 * Data provider for test_add_magic_quotes.
+	 *
+	 * @return array[] Test parameters {
+	 *     @type array $test_array Test value.
+	 *     @type array $expected   Expected return value.
+	 * }
+	 */
+	public function data_add_magic_quotes() {
+		return array(
+			array(
+				array(
+					'sample string',
+					52,
+					true,
+					false,
+					null,
+					"This is a 'string'",
+					array(
+						1,
+						false,
+						true,
+						'This is "another" string',
+					),
+				),
+				array(
+					'sample string',
+					52,
+					true,
+					false,
+					null,
+					"This is a \'string\'",
+					array(
+						1,
+						false,
+						true,
+						'This is \"another\" string',
+					),
+				),
+			),
+		);
+	}
+
+}