Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FILTER_SANITIZE_STRING is deprecated in PHP 8.1 #126

Closed
Zodiac1978 opened this issue Sep 30, 2023 · 0 comments · Fixed by #127
Closed

FILTER_SANITIZE_STRING is deprecated in PHP 8.1 #126

Zodiac1978 opened this issue Sep 30, 2023 · 0 comments · Fixed by #127
Labels
bug has patch

Comments

@Zodiac1978
Copy link
Member

We use FILTER_SANITIZE_STRING here:

antivirus/inc/class-antivirus.php

Line 526 in e55943c

$theme_file = filter_var( wp_unslash( $_POST['_theme_file'] ), FILTER_SANITIZE_STRING );

This filter is deprecated in PHP 8.1.

From the docs:

Strip tags and HTML-encode double and single quotes, optionally strip or encode special characters. Encoding quotes can be disabled by setting FILTER_FLAG_NO_ENCODE_QUOTES. (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.)
See: https://www.php.net/manual/en/filter.filters.sanitize.php

First reported here:
https://wordpress.org/support/topic/manually-antivirus-scan-does-not-work/#post-17090504

See also: https://stackoverflow.com/questions/69207368/constant-filter-sanitize-string-is-deprecated
@Zodiac1978 Zodiac1978 added the bug label Sep 30, 2023
stklcode added a commit that referenced this issue Oct 2, 2023
@stklcode
replace deprecated FILTER_SANITIZE_STRING (#126) (#127)
9119201 
In the following method check_theme_file() URL sanitization is applied,
so we can either use FILTER_SANITIZE_URL here as well or simply pass
USAFE_RAW in this case.
stklcode added a commit that referenced this issue Oct 2, 2023
@stklcode
replace deprecated FILTER_SANITIZE_STRING (#126) (#127)
87964f9 
In the following method check_theme_file() URL sanitization is applied,
so we can either use FILTER_SANITIZE_URL here as well or simply pass
UNSAFE_RAW in this case.
@stklcode stklcode mentioned this issue Oct 2, 2023
Merged
stklcode added a commit that referenced this issue Oct 2, 2023
@stklcode
replace deprecated FILTER_SANITIZE_STRING (#126) (#127)
938b179 
In the following method check_theme_file() URL sanitization is applied,
so we can either use FILTER_SANITIZE_URL here as well or simply pass
UNSAFE_RAW in this case.
stklcode added a commit that referenced this issue Oct 2, 2023
@stklcode
replace deprecated FILTER_SANITIZE_STRING (#126) (#127)
a6030c5 
In the following method check_theme_file() URL sanitization is applied,
so we can either use FILTER_SANITIZE_URL here as well or simply pass
UNSAFE_RAW in this case.
stklcode added a commit that referenced this issue Oct 31, 2023
@stklcode
replace deprecated FILTER_SANITIZE_STRING (#126) (#127)
5a7e857 
In the following method check_theme_file() URL sanitization is applied,
so we can either use FILTER_SANITIZE_URL here as well or simply pass
UNSAFE_RAW in this case.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug has patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

replace deprecated FILTER_SANITIZE_STRING (#126) pluginkollektiv/antivirus
2 participants
@Zodiac1978 @stklcode