I18N: Ensure determine_locale() does not potentially return an empty string.

Call `get_locale()` as a last resort in case the sanitized locale is an empty string. Also swaps conditionals to cater for more typical use case and adds tests. Follow-up to [55862] Props Cybr, swissspidy. Fixes #58317. git-svn-id: https://develop.svn.wordpress.org/trunk@56003 602fd350-edb4-49c9-b593-d223f7449a82
2025-10-16 12:05:38 +00:00 · 2023-06-23 16:01:08 +00:00 · 2023-06-23 16:01:08 +00:00 · 85e6518189
commit 85e6518189
parent 44e89612d0
2 changed files with 22 additions and 4 deletions
--- a/src/wp-includes/l10n.php
+++ b/src/wp-includes/l10n.php
@ -145,12 +145,14 @@ function determine_locale() {
 		} else {
 			$determined_locale = sanitize_locale_name( $_COOKIE['wp_lang'] );
 		}
-	} else if (
-		( isset( $_GET['_locale'] ) && 'user' === $_GET['_locale'] && wp_is_json_request() ) ||
-		is_admin()
+	} elseif (
+		is_admin() ||
+		( isset( $_GET['_locale'] ) && 'user' === $_GET['_locale'] && wp_is_json_request() )
 	) {
 		$determined_locale = get_user_locale();
-	} else {
+	}
+
+	if ( ! $determined_locale ) {
 		$determined_locale = get_locale();
 	}

--- a/tests/phpunit/tests/l10n/determineLocale.php
+++ b/tests/phpunit/tests/l10n/determineLocale.php
@ -211,6 +211,22 @@ class Tests_L10n_DetermineLocale extends WP_UnitTestCase {
 		$this->assertSame( 'siteLocale', determine_locale() );
 	}

+	public function test_wp_login_get_param_on_login_page_incorrect_string() {
+		add_filter(
+			'locale',
+			static function() {
+				return 'siteLocale';
+			}
+		);
+
+		wp_set_current_user( self::$user_id );
+
+		$GLOBALS['pagenow'] = 'wp-login.php';
+		$_GET['wp_lang']    = '###'; // Something sanitize_locale_name() strips away.
+
+		$this->assertSame( 'siteLocale', determine_locale() );
+	}
+
 	public function test_wp_login_cookie_not_on_login_page() {
 		add_filter(
 			'locale',