From 4ee40e3ff1b40b34aa590ed30c0aff01e85a9f14 Mon Sep 17 00:00:00 2001
From: Jb Audras
Date: Mon, 11 Apr 2022 19:58:04 +0000
Subject: [PATCH] Formatting: Avoid escaping valid XML values in `esc_xml()`.

This change improves the `esc_xml()` function by replacing two `empty()` checks with `isset()` to cover values that are not equal to `''` but still returning `true` when checked with `empty()`, like `'0'`, `0` or `false`. It also updates the related unit tests accordingly.
Props rumpel2116, pbiron.
Fixes #55399.
git-svn-id: https://develop.svn.wordpress.org/trunk@53144 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/formatting.php | 4 ++--
 tests/phpunit/tests/formatting/escXml.php | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index 0441866344..eb4acda64b 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -4639,11 +4639,11 @@ EOF;
 $safe_text = (string) preg_replace_callback(
 $regex,
 static function( $matches ) {
- if ( ! $matches[0] ) {
+ if ( ! isset( $matches[0] ) ) {
 return '';
 }
- if ( ! empty( $matches['non_cdata'] ) ) {
+ if ( isset( $matches['non_cdata'] ) ) {
 // escape HTML entities in the non-CDATA Section.
 return _wp_specialchars( $matches['non_cdata'], ENT_XML1 );
 }
diff --git a/tests/phpunit/tests/formatting/escXml.php b/tests/phpunit/tests/formatting/escXml.php
index fa6738dca0..435bc398a6 100644
--- a/tests/phpunit/tests/formatting/escXml.php
+++ b/tests/phpunit/tests/formatting/escXml.php
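Review bot: The rewritten first guard, `if ( ! isset( $matches[0] ) )`, can no longer fire, because `$matches[0]` (the full match) is always set inside a `preg_replace_callback()` callback; either drop it or make the intent explicit with `if ( '' === $matches[0] )`. The second check, `isset( $matches['non_cdata'] )`, now selects the branch purely on whether the key exists, which works because PHP omits trailing unmatched groups from `$matches`; that presumably holds only while `non_cdata` stays the last group in `$regex`, which is defined outside the hunk. Since this branch decides which text is entity-escaped and which is passed through as a CDATA section, I would record the dependency next to the check, e.g. `// 'non_cdata' is only present when the non-CDATA alternative matched; it must remain the last group in $regex.` The callback body continues past the end of the hunk.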
@@ -42,6 +42,11 @@ class Tests_Formatting_EscXml extends WP_UnitTestCase {
 "SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN ('site_name', 'siteurl', 'active_sitewide_plugins', '_site_transient_timeout_theme_roots', '_site_transient_theme_roots', 'site_admins', 'can_compress_scripts', 'global_terms_enabled') AND site_id = 1",
 'SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN ('site_name', 'siteurl', 'active_sitewide_plugins', '_site_transient_timeout_theme_roots', '_site_transient_theme_roots', 'site_admins', 'can_compress_scripts', 'global_terms_enabled') AND site_id = 1',
 ),
+ // Zero string.
+ array(
+ '0',
+ '0',
+ ),
 );
 }
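Review bot: The added `'0'` pair only exercises the `non_cdata` branch of the callback; the fall-through path, which escapes text that precedes a CDATA section and leaves the section itself untouched, is not covered with a falsy-looking value. A second pair such as `array( '0<![CDATA[0]]>', '0<![CDATA[0]]>' ),` (constructed sample, expected to pass through unchanged) would pin that path as well, assuming this provider feeds the plain escaping test. The provider method starts and ends outside the hunk, so its name and the test it feeds are not visible here.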