Merge pull request #1673 from WordPress-Coding-Standards/feature/1659-validatedsanitizedinput-allow-for-various-additional-safe-functions

GaryJones · web-flow · commit 2a0f1548697e · 2019-04-01T04:52:40.000+01:00
Sniff::$unslashingSanitizingFunctions: add doubleval() and count()
diff --git a/WordPress/Sniff.php b/WordPress/Sniff.php
@@ -309,10 +309,13 @@ abstract class Sniff implements PHPCS_Sniff {
 	protected $unslashingSanitizingFunctions = array(
 		'absint'       => true,
 		'boolval'      => true,
+		'count'        => true,
+		'doubleval'    => true,
 		'floatval'     => true,
 		'intval'       => true,
 		'is_array'     => true,
 		'sanitize_key' => true,
+		'sizeof'       => true,
 	);
 
 	/**
diff --git a/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc b/WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.inc
@@ -216,3 +216,12 @@ if ( isset( $_GET['unslash_check'] ) ) {
 	$clean = sanitize_text_field( WP_Faker::wp_unslash( $_GET['unslash_check'] ) ); // Bad x1 - unslash.
 	$clean = WP_Faker\sanitize_text_field( wp_unslash( $_GET['unslash_check'] ) ); // Bad x1 - sanitize.
 }
+
+function test_more_safe_functions() {
+	if ( ! isset( $_GET['test'] ) ) {
+		return;
+	}
+
+	$float = doubleval( $_GET['test'] ); // OK.
+	$count = count( $_GET['test'] ); // Issue #1659; OK.
+}
