UnslashingFunctionsHelper: make sure function names are checked case-insensitively

These functions should be self-contained, so should not presume that the sniff has already lowercased the function name before passing it.

This fixes a bug as, in this case, the sniff didn't actually lowercase the name before passing it to the Helper class methods, so the sniff would throw false positives for non-lowercase function calls.

Tested by adjusting some pre-existing tests for the `ValidatedSanitizedInput` sniff.
jrfnl committed Jun 29, 2023
1 parent 745b162 commit 31fa764
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion WordPress/Helpers/UnslashingFunctionsHelper.php
Expand Up @@ -54,6 +54,6 @@ public static function get_unslashing_functions() {
* @return bool
*/
public static function is_unslashing_function( $functionName ) {
return isset( self::$unslashingFunctions[ $functionName ] );
return isset( self::$unslashingFunctions[ strtolower( $functionName ) ] );
}
}
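Review bot: the lookup in is_unslashing_function() now wraps the argument in strtolower(), which is only correct if every key of self::$unslashingFunctions is itself lowercase, and nothing in this hunk documents or enforces that. Suggest stating in the docblock (next to `@return bool`) that the name is matched case-insensitively, and noting on the property that its keys must be lowercase. If any caller indexes the result of get_unslashing_functions() directly, it still has to lowercase the name itself, so it is worth checking whether such callers exist.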
Expand Up @@ -113,7 +113,7 @@ if ( is_array( $_GET['test'] ) ) {} // Ok.
output( "some string \$_POST[some_var]" ); // Ok.
output( "some string \\$_POST[some_var] $_GET[evil]" ); // Bad x2.

echo esc_html( wp_strip_all_tags( wp_unslash( $_GET['a'] ) ) ); // Ok.
echo esc_html( wp_strip_all_tags( WP_Unslash( $_GET['a'] ) ) ); // Ok.

// Test validation check vs anonymous functions.
isset( $_POST['abc'] ); // Validation in global scope, not function scope.
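Review bot: the changed test line `echo esc_html( wp_strip_all_tags( WP_Unslash( $_GET['a'] ) ) ); // Ok.` replaces the lowercase call instead of adding to it, so this line no longer exercises the all-lowercase spelling. Consider keeping the original line and adding the mixed-case variant (and an all-caps `WP_UNSLASH` one) as separate cases, adjusting expected line numbers if needed. A short comment that the casing is deliberate would also stop it being normalized in a later cleanup.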