Formatting: Guard wp_strip_all_tags() against fatal errors.

Check the input of `wp_strip_all_tags()` before passing it to `strip_tags()`. This protects against fatal errors introduced in PHP 8, retaining the `E_USER_WARNING` from PHP 7, and prevents a PHP 8.1 deprecation notice when passing null. Props chocofc1, costdev, jrf, dd32, audrasjb, peterwilsoncc. Fixes #56434. git-svn-id: https://develop.svn.wordpress.org/trunk@55245 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · Feb 7, 2023 · d46dc08 · d46dc08
1 parent 9d8e1ae
commit d46dc08
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 0 deletions.
diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
@@ -5395,6 +5395,32 @@ function normalize_whitespace( $str ) {
  * @return string The processed string.
  */
 function wp_strip_all_tags( $text, $remove_breaks = false ) {
+	if ( is_null( $text ) ) {
+		return '';
+	}
+
+	if ( ! is_scalar( $text ) ) {
+		/*
+		 * To maintain consistency with pre-PHP 8 error levels,
+		 * trigger_error() is used to trigger an E_USER_WARNING,
+		 * rather than _doing_it_wrong(), which triggers an E_USER_NOTICE.
+		 */
+		trigger_error(
+			sprintf(
+				/* translators: 1: The function name, 2: The argument number, 3: The argument name, 4: The expected type, 5: The provided type. */
+				__( 'Warning: %1$s expects parameter %2$s (%3$s) to be a %4$s, %5$s given.' ),
+				__FUNCTION__,
+				'#1',
+				'$text',
+				'string',
+				gettype( $text )
+			),
+			E_USER_WARNING
+		);
+
+		return '';
+	}
+
 	$text = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $text );
 	$text = strip_tags( $text );
 

diff --git a/tests/phpunit/tests/formatting/wpStripAllTags.php b/tests/phpunit/tests/formatting/wpStripAllTags.php
@@ -31,5 +31,76 @@ public function test_wp_strip_all_tags() {
 		$text = "lorem<style>* { display: 'none' }<script>alert( document.cookie )</script></style>ipsum";
 		$this->assertSame( 'loremipsum', wp_strip_all_tags( $text ) );
 	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` returns an empty string when null is passed.
+	 *
+	 * @ticket 56434
+	 */
+	public function test_wp_strip_all_tags_should_return_empty_string_for_a_null_arg() {
+		$this->assertSame( '', wp_strip_all_tags( null ) );
+	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` triggers a warning and returns
+	 * an empty string when passed a non-string argument.
+	 *
+	 * @ticket 56434
+	 *
+	 * @dataProvider data_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg
+	 *
+	 * @param mixed $non_string A non-string value.
+	 */
+	public function test_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg( $non_string ) {
+		$type = gettype( $non_string );
+		$this->expectError();
+		$this->expectErrorMessage( "Warning: wp_strip_all_tags expects parameter #1 (\$text) to be a string, $type given." );
+		$this->assertSame( '', wp_strip_all_tags( $non_string ) );
+	}
+
+	/**
+	 * Data provider for test_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg().
+	 *
+	 * @return array[]
+	 */
+	public function data_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg() {
+		return array(
+			'an empty array'     => array( 'non_string' => array() ),
+			'a non-empty array'  => array( 'non_string' => array( 'a string' ) ),
+			'an empty object'    => array( 'non_string' => new stdClass() ),
+			'a non-empty object' => array( 'non_string' => (object) array( 'howdy' => 'admin' ) ),
+		);
+	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` casts scalar values to string.
+	 *
+	 * @ticket 56434
+	 *
+	 * @dataProvider data_wp_strip_all_tags_should_cast_scalar_values_to_string
+	 *
+	 * @param mixed $text A scalar value.
+	 */
+	public function test_wp_strip_all_tags_should_cast_scalar_values_to_string( $text ) {
+		$this->assertSame( (string) $text, wp_strip_all_tags( $text ) );
+	}
+
+	/**
+	 * Data provider for test_wp_strip_all_tags_should_cast_scalar_values_to_string()/
+	 *
+	 * @return array[]
+	 */
+	public function data_wp_strip_all_tags_should_cast_scalar_values_to_string() {
+		return array(
+			'(int) 0'      => array( 'text' => 0 ),
+			'(int) 1'      => array( 'text' => 1 ),
+			'(int) -1'     => array( 'text' => -1 ),
+			'(float) 0.0'  => array( 'text' => 0.0 ),
+			'(float) 1.0'  => array( 'text' => 1.0 ),
+			'(float) -1.0' => array( 'text' => -1.0 ),
+			'(bool) false' => array( 'text' => false ),
+			'(bool) true'  => array( 'text' => true ),
+		);
+	}
 }