From d46dc08342c8e90e16289ae850097d6a31118cd6 Mon Sep 17 00:00:00 2001
From: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date: Tue, 7 Feb 2023 03:32:43 +0000
Subject: [PATCH] Formatting: Guard `wp_strip_all_tags()` against fatal errors.

Check the input of `wp_strip_all_tags()` before passing it to `strip_tags()`. This protects against fatal errors introduced in PHP 8, retaining the `E_USER_WARNING` from PHP 7, and prevents a PHP 8.1 deprecation notice when passing null.

Props chocofc1, costdev, jrf, dd32, audrasjb, peterwilsoncc.
Fixes #56434.



git-svn-id: https://develop.svn.wordpress.org/trunk@55245 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/formatting.php                | 26 +++++++
 .../tests/formatting/wpStripAllTags.php       | 71 +++++++++++++++++++
 2 files changed, 97 insertions(+)

diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index c76e8730fe593..fc3770cfaf3fc 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -5395,6 +5395,32 @@ function normalize_whitespace( $str ) {
  * @return string The processed string.
  */
 function wp_strip_all_tags( $text, $remove_breaks = false ) {
+	if ( is_null( $text ) ) {
+		return '';
+	}
+
+	if ( ! is_scalar( $text ) ) {
+		/*
+		 * To maintain consistency with pre-PHP 8 error levels,
+		 * trigger_error() is used to trigger an E_USER_WARNING,
+		 * rather than _doing_it_wrong(), which triggers an E_USER_NOTICE.
+		 */
+		trigger_error(
+			sprintf(
+				/* translators: 1: The function name, 2: The argument number, 3: The argument name, 4: The expected type, 5: The provided type. */
+				__( 'Warning: %1$s expects parameter %2$s (%3$s) to be a %4$s, %5$s given.' ),
+				__FUNCTION__,
+				'#1',
+				'$text',
+				'string',
+				gettype( $text )
+			),
+			E_USER_WARNING
+		);
+
+		return '';
+	}
+
 	$text = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $text );
 	$text = strip_tags( $text );
 
diff --git a/tests/phpunit/tests/formatting/wpStripAllTags.php b/tests/phpunit/tests/formatting/wpStripAllTags.php
index 2ef332e62edb8..3efe479deca07 100644
--- a/tests/phpunit/tests/formatting/wpStripAllTags.php
+++ b/tests/phpunit/tests/formatting/wpStripAllTags.php
@@ -31,5 +31,76 @@ public function test_wp_strip_all_tags() {
 		$text = "lorem<style>* { display: 'none' }<script>alert( document.cookie )</script></style>ipsum";
 		$this->assertSame( 'loremipsum', wp_strip_all_tags( $text ) );
 	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` returns an empty string when null is passed.
+	 *
+	 * @ticket 56434
+	 */
+	public function test_wp_strip_all_tags_should_return_empty_string_for_a_null_arg() {
+		$this->assertSame( '', wp_strip_all_tags( null ) );
+	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` triggers a warning and returns
+	 * an empty string when passed a non-string argument.
+	 *
+	 * @ticket 56434
+	 *
+	 * @dataProvider data_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg
+	 *
+	 * @param mixed $non_string A non-string value.
+	 */
+	public function test_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg( $non_string ) {
+		$type = gettype( $non_string );
+		$this->expectError();
+		$this->expectErrorMessage( "Warning: wp_strip_all_tags expects parameter #1 (\$text) to be a string, $type given." );
+		$this->assertSame( '', wp_strip_all_tags( $non_string ) );
+	}
+
+	/**
+	 * Data provider for test_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg().
+	 *
+	 * @return array[]
+	 */
+	public function data_wp_strip_all_tags_should_return_empty_string_and_trigger_an_error_for_non_string_arg() {
+		return array(
+			'an empty array'     => array( 'non_string' => array() ),
+			'a non-empty array'  => array( 'non_string' => array( 'a string' ) ),
+			'an empty object'    => array( 'non_string' => new stdClass() ),
+			'a non-empty object' => array( 'non_string' => (object) array( 'howdy' => 'admin' ) ),
+		);
+	}
+
+	/**
+	 * Tests that `wp_strip_all_tags()` casts scalar values to string.
+	 *
+	 * @ticket 56434
+	 *
+	 * @dataProvider data_wp_strip_all_tags_should_cast_scalar_values_to_string
+	 *
+	 * @param mixed $text A scalar value.
+	 */
+	public function test_wp_strip_all_tags_should_cast_scalar_values_to_string( $text ) {
+		$this->assertSame( (string) $text, wp_strip_all_tags( $text ) );
+	}
+
+	/**
+	 * Data provider for test_wp_strip_all_tags_should_cast_scalar_values_to_string()/
+	 *
+	 * @return array[]
+	 */
+	public function data_wp_strip_all_tags_should_cast_scalar_values_to_string() {
+		return array(
+			'(int) 0'      => array( 'text' => 0 ),
+			'(int) 1'      => array( 'text' => 1 ),
+			'(int) -1'     => array( 'text' => -1 ),
+			'(float) 0.0'  => array( 'text' => 0.0 ),
+			'(float) 1.0'  => array( 'text' => 1.0 ),
+			'(float) -1.0' => array( 'text' => -1.0 ),
+			'(bool) false' => array( 'text' => false ),
+			'(bool) true'  => array( 'text' => true ),
+		);
+	}
 }