From 566d5d2170f9bb54fe329577b8e4816987812319 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Tue, 30 Nov 2021 21:03:00 +0000
Subject: [PATCH] Options, Meta APIs: Improve error handling in `sanitize_option()`.
To prevent potential false negatives, set `$error` to `null` initially, so we can better tell if it was ever changed during the sanitization and be able to better react if an empty string is added to it. Additionally, and mainly for the sake of the Settings API at this point, add error messages to some `WP_Error` objects returned from `wpdb` methods that were previously causing the issues here. Follow-up to [32791]. Props iCaleb, audrasjb, hellofromTonya, SergeyBiryukov. Fixes #53986. Built from https://develop.svn.wordpress.org/trunk@52294 git-svn-id: http://core.svn.wordpress.org/trunk@51886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 13 ++++++++++---
 wp-includes/version.php | 2 +-
 wp-includes/wp-db.php | 4 ++--
 3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 576b3c657a..5a135f0f0e 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -4711,7 +4711,7 @@ function sanitize_option( $option, $value ) {
 global $wpdb;
 $original_value = $value;
- $error = '';
+ $error = null;
 switch ( $option ) {
 case 'admin_email':
@@ -4919,7 +4919,9 @@ function sanitize_option( $option, $value ) {
 $value = str_replace( 'http://', '', $value );
 }
- if ( 'permalink_structure' === $option && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value ) ) {
+ if ( 'permalink_structure' === $option && null === $error
+ && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value )
+ ) {
 $error = sprintf(
 /* translators: %s: Documentation URL. */
 __( 'A structure tag is required when using custom permalinks. Learn more' ),
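Review bot: The added `null === $error` condition in the `permalink_structure` check carries its reason only implicitly: once an error has been recorded, `$value` may no longer be a string, and `preg_match()` should not run on it. That reading is inferred from the visible tail of the `else` branch (`str_replace` then `}`); the branch that sets `$error` lies above the hunk. A one-line comment above the `if` would keep the guard from being dropped in a later cleanup, for example `// Skip the structure-tag check if sanitization already failed; $value may be a WP_Error here.` The same `null`-versus-`''` convention starts at `$error = null;` in the first hunk, where `// null = no error recorded; '' = error without a message.` would document it.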
@@ -4948,7 +4950,12 @@ function sanitize_option( $option, $value ) {
 break;
 }
- if ( ! empty( $error ) ) {
+ if ( null !== $error ) {
+ if ( '' === $error && is_wp_error( $value ) ) {
+ /* translators: 1: Option name, 2: Error code. */
+ $error = sprintf( __( 'Could not sanitize the %1$s option. Error code: %2$s' ), $option, $value->get_error_code() );
+ }
+
 $value = get_option( $option );
 if ( function_exists( 'add_settings_error' ) ) {
 add_settings_error( $option, "invalid_{$option}", $error );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5709a1bd2b..a8c65d86c5 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.9-alpha-52293';
+$wp_version = '5.9-alpha-52294';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index 0eaede8811..fa071c426d 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -2885,7 +2885,7 @@ class wpdb {
 $table = '`' . implode( '`.`', $table_parts ) . '`';
 $results = $this->get_results( "SHOW FULL COLUMNS FROM $table" );
 if ( ! $results ) {
- return new WP_Error( 'wpdb_get_table_charset_failure' );
+ return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ) );
 }
 foreach ( $results as $column ) {
@@ -3327,7 +3327,7 @@ class wpdb {
 $this->check_current_query = false;
 $row = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A );
 if ( ! $row ) {
- return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+ return new WP_Error( 'wpdb_strip_invalid_text_failure', __( 'Could not strip invalid text.' ) );
 }
 foreach ( array_keys( $data ) as $column ) {
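Review bot: In the `null !== $error` block of `sanitize_option()`, an `$error` of `''` paired with a `$value` that is not a `WP_Error` skips the new fallback message and still reaches `add_settings_error()` with an empty string, a case the old `! empty( $error )` test ignored. Whether any `case` can leave that state is not visible from this hunk, since the switch body and the end of the function are outside it. If it cannot happen, say so in a comment above the inner `if`; if it can, give it a generic message so the settings screen never shows a blank notice, for example by changing the inner condition to `if ( '' === $error )` and choosing the text by `is_wp_error( $value )`. The reset `$value = get_option( $option );` should stay ahead of any reporting so a failed sanitization never stores the unsanitized input.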