From c8b5610b910f9bf64653ceae305e00628a89f8c6 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Thu, 27 Aug 2020 02:46:22 +0000
Subject: [PATCH] Taxonomy: Make sure `wp_terms_checklist()` and
 `Walker_Category_Checklist::start_el()` properly handle an array of strings
 as `selected_cats` or `popular_cats` values.

Even with these values documented as an array of integers, they can technically also accept an array of strings, e.g. as form results.

Add a unit test.

Props brianhogg, TimothyBlynJacobs, SergeyBiryukov.
Fixes #51137.

git-svn-id: https://develop.svn.wordpress.org/trunk@48880 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-walker-category-checklist.php       |  4 +-
 src/wp-admin/includes/template.php            |  4 +-
 .../phpunit/tests/admin/includesTemplate.php  | 40 +++++++++++++++++++
 3 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/src/wp-admin/includes/class-walker-category-checklist.php b/src/wp-admin/includes/class-walker-category-checklist.php
index f4d3fbed36..4c6cc9ef31 100644
--- a/src/wp-admin/includes/class-walker-category-checklist.php
+++ b/src/wp-admin/includes/class-walker-category-checklist.php
@@ -81,11 +81,11 @@ class Walker_Category_Checklist extends Walker {
 			$name = 'tax_input[' . $taxonomy . ']';
 		}
 
-		$args['popular_cats'] = empty( $args['popular_cats'] ) ? array() : $args['popular_cats'];
+		$args['popular_cats'] = ! empty( $args['popular_cats'] ) ? array_map( 'intval', $args['popular_cats'] ) : array();
 
 		$class = in_array( $category->term_id, $args['popular_cats'], true ) ? ' class="popular-category"' : '';
 
-		$args['selected_cats'] = empty( $args['selected_cats'] ) ? array() : $args['selected_cats'];
+		$args['selected_cats'] = ! empty( $args['selected_cats'] ) ? array_map( 'intval', $args['selected_cats'] ) : array();
 
 		if ( ! empty( $args['list_only'] ) ) {
 			$aria_checked = 'false';
diff --git a/src/wp-admin/includes/template.php b/src/wp-admin/includes/template.php
index d77d2104da..ad87a89521 100644
--- a/src/wp-admin/includes/template.php
+++ b/src/wp-admin/includes/template.php
@@ -120,7 +120,7 @@ function wp_terms_checklist( $post_id = 0, $args = array() ) {
 	$args['list_only'] = ! empty( $parsed_args['list_only'] );
 
 	if ( is_array( $parsed_args['selected_cats'] ) ) {
-		$args['selected_cats'] = $parsed_args['selected_cats'];
+		$args['selected_cats'] = array_map( 'intval', $parsed_args['selected_cats'] );
 	} elseif ( $post_id ) {
 		$args['selected_cats'] = wp_get_object_terms( $post_id, $taxonomy, array_merge( $args, array( 'fields' => 'ids' ) ) );
 	} else {
@@ -128,7 +128,7 @@ function wp_terms_checklist( $post_id = 0, $args = array() ) {
 	}
 
 	if ( is_array( $parsed_args['popular_cats'] ) ) {
-		$args['popular_cats'] = $parsed_args['popular_cats'];
+		$args['popular_cats'] = array_map( 'intval', $parsed_args['popular_cats'] );
 	} else {
 		$args['popular_cats'] = get_terms(
 			array(
diff --git a/tests/phpunit/tests/admin/includesTemplate.php b/tests/phpunit/tests/admin/includesTemplate.php
index 82f7ad3332..20bd4bd0fd 100644
--- a/tests/phpunit/tests/admin/includesTemplate.php
+++ b/tests/phpunit/tests/admin/includesTemplate.php
@@ -3,6 +3,7 @@
  * @group admin
  */
 class Tests_Admin_includesTemplate extends WP_UnitTestCase {
+
 	function test_equal() {
 		$this->assertEquals( ' selected=\'selected\'', selected( 'foo', 'foo', false ) );
 		$this->assertEquals( ' checked=\'checked\'', checked( 'foo', 'foo', false ) );
@@ -46,6 +47,45 @@ class Tests_Admin_includesTemplate extends WP_UnitTestCase {
 		$this->assertEquals( '', checked( 0, false, false ) );
 	}
 
+	/**
+	 * @ticket 51147
+	 * @dataProvider data_wp_terms_checklist_with_selected_cats
+	 */
+	public function test_wp_terms_checklist_with_selected_cats( $term_id ) {
+		$output = wp_terms_checklist(
+			0,
+			array(
+				'selected_cats' => array( $term_id ),
+				'echo'          => false,
+			)
+		);
+
+		$this->assertContains( "checked='checked'", $output );
+	}
+
+	/**
+	 * @ticket 51147
+	 * @dataProvider data_wp_terms_checklist_with_selected_cats
+	 */
+	public function test_wp_terms_checklist_with_popular_cats( $term_id ) {
+		$output = wp_terms_checklist(
+			0,
+			array(
+				'popular_cats' => array( $term_id ),
+				'echo'         => false,
+			)
+		);
+
+		$this->assertContains( 'class="popular-category"', $output );
+	}
+
+	public function data_wp_terms_checklist_with_selected_cats() {
+		return array(
+			array( '1' ),
+			array( 1 ),
+		);
+	}
+
 	public function test_add_meta_box() {
 		global $wp_meta_boxes;