Changeset 53144

Timestamp:

04/11/2022 07:58:04 PM (14 months ago)

Author:

audrasjb

Message:

Formatting: Avoid escaping valid XML values in esc_xml().

This change improves the esc_xml() function by replacing two empty() checks with isset() to cover values that are not equal to '' but still returning true when checked with empty(), like '0', 0 or false. It also updates the related unit tests accordingly.

Props rumpel2116, pbiron.
Fixes #55399.

Location:

trunk

Files:

• src/wp-includes/formatting.php (modified) (1 diff)
• tests/phpunit/tests/formatting/escXml.php (modified) (1 diff)

trunk/src/wp-includes/formatting.php

@@ -4640 +4640 @@
         $regex,
         static function( $matches ) {
-            if ( ! $matches[0] ) {
+            if ( ! isset( $matches[0] ) ) {
                 return '';
             }
 
-            if ( ! empty( $matches['non_cdata'] ) ) {
+            if ( isset( $matches['non_cdata'] ) ) {
                 // escape HTML entities in the non-CDATA Section.
                 return _wp_specialchars( $matches['non_cdata'], ENT_XML1 );

trunk/tests/phpunit/tests/formatting/escXml.php

@@ -42 +42 @@
                 "SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN ('site_name', 'siteurl', 'active_sitewide_plugins', '_site_transient_timeout_theme_roots', '_site_transient_theme_roots', 'site_admins', 'can_compress_scripts', 'global_terms_enabled') AND site_id = 1",
                 'SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN ('site_name', 'siteurl', 'active_sitewide_plugins', '_site_transient_timeout_theme_roots', '_site_transient_theme_roots', 'site_admins', 'can_compress_scripts', 'global_terms_enabled') AND site_id = 1',
+            ),
+            // Zero string.
+            array(
+                '0',
+                '0',
             ),
         );