diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php index c524b06928..576b3c657a 100644 --- a/src/wp-includes/formatting.php +++ b/src/wp-includes/formatting.php @@ -2137,8 +2137,15 @@ function sanitize_user( $username, $strict = false ) { */ function sanitize_key( $key ) { $raw_key = $key; - $key = strtolower( $key ); - $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); + + if ( ! is_string( $key ) ) { + $key = ''; + } + + if ( '' !== $key ) { + $key = strtolower( $key ); + $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); + } /** * Filters a sanitized key string. diff --git a/tests/phpunit/tests/formatting/sanitizeKey.php b/tests/phpunit/tests/formatting/sanitizeKey.php new file mode 100644 index 0000000000..7dea43e004 --- /dev/null +++ b/tests/phpunit/tests/formatting/sanitizeKey.php @@ -0,0 +1,90 @@ +assertSame( $expected, sanitize_key( $key ) ); + } + + public function data_sanitize_key() { + return array( + 'an empty string key' => array( + 'key' => '', + 'expected' => '', + ), + 'a null key' => array( + 'key' => null, + 'expected' => '', + ), + 'an int 0 key' => array( + 'key' => 0, + 'expected' => '', + ), + 'a true key' => array( + 'key' => true, + 'expected' => '', + ), + 'an array key' => array( + 'key' => array( 'Howdy, admin!' ), + 'expected' => '', + ), + 'a lowercase key with commas' => array( + 'key' => 'howdy,admin', + 'expected' => 'howdyadmin', + ), + 'a lowercase key with commas' => array( + 'key' => 'HOWDY,ADMIN', + 'expected' => 'howdyadmin', + ), + 'a mixed case key with commas' => array( + 'key' => 'HoWdY,aDmIn', + 'expected' => 'howdyadmin', + ), + 'a key with dashes' => array( + 'key' => 'howdy-admin', + 'expected' => 'howdy-admin', + ), + 'a key with spaces' => array( + 'key' => 'howdy admin', + 'expected' => 'howdyadmin', + ), + 'a key with a HTML entity' => array( + 'key' => 'howdy admin', + 'expected' => 'howdynbspadmin', + ), + 'a key with a unicode character' => array( + 'key' => 'howdy' . chr( 140 ) . 'admin', + 'expected' => 'howdyadmin', + ), + ); + } + + /** + * @ticket 54160 + * + * @covers WP_Hook::sanitize_key + */ + public function test_filter_sanitize_key() { + $key = 'Howdy, admin!'; + + add_filter( + 'sanitize_key', + static function( $key ) { + return 'Howdy, admin!'; + } + ); + + $this->assertSame( $key, sanitize_key( $key ) ); + } +}