Formatting: Prevent wp_slash from returning non-strings as strings.

If a bool/float/int is passed into wp_slash it will be coerced into a string.

This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.

Fixes #42195, #24106.

Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@48433


git-svn-id: http://core.svn.wordpress.org/trunk@48202 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/formatting.php

@@ -5496,27 +5496,24 @@ function sanitize_trackback_urls( $to_ping ) {
 }
 
 /**
- * Add slashes to a string or array of strings.
+ * Add slashes to a string or array of strings, in a recursive manner.
  *
  * This should be used when preparing data for core API that expects slashed data.
  * This should not be used to escape data going directly into an SQL query.
  *
  * @since 3.6.0
+ * @since 5.5.0 Leave a non-string value untouched.
  *
  * @param string|array $value String or array of strings to slash.
  * @return string|array Slashed $value
  */
 function wp_slash( $value ) {
 	if ( is_array( $value ) ) {
-		foreach ( $value as $k => $v ) {
-			if ( is_array( $v ) ) {
-				$value[ $k ] = wp_slash( $v );
-			} else {
-				$value[ $k ] = addslashes( $v );
-			}
-		}
-	} else {
-		$value = addslashes( $value );
+		$value = array_map( 'wp_slash', $value );
+	}
+
+	if ( is_string( $value ) ) {
+		return addslashes( $value );
 	}
 
 	return $value;

wp-includes/version.php

@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.5-beta1-48432';
+$wp_version = '5.5-beta1-48433';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.