Security/ValidatedSanitizedInput: add tests with PHP 8.0+ match [2]

When a superglobal is used in the match return expressions, it should be validated, unslashed and sanitized.

This is already handled correctly, this just adds a test to safeguard this.

Author: jrfnl

WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.1.inc

@@ -489,3 +489,14 @@ function test_in_match_condition_is_regarded_as_comparison() {
 		};
 	}
 }
+
+function test_in_match_condition_is_regarded_as_comparison() {
+	if ( isset( $_REQUEST['keyA'], $_REQUEST['keyB'], $_REQUEST['keyC'] ) ) {
+		$test = match( $toggle ) {
+			true    => sanitize_text_field( wp_unslash( $_REQUEST['keyA'] ) ), // OK.
+			false   => sanitize_text_field( $_REQUEST['keyB'] ), // Bad - missing unslash.
+			10      => wp_unslash( $_REQUEST['keyC'] ), // Bad - missing sanitization.
+			default => $_REQUEST['keyD'], // Bad - missing sanitization, unslash, validation.
+		};
+	}
+}

WordPress/Tests/Security/ValidatedSanitizedInputUnitTest.php

@@ -111,6 +111,9 @@ public function getErrorList( $testFile = '' ) {
 					475 => 1,
 					476 => 1,
 					481 => 2,
+					497 => 1,
+					498 => 1,
+					499 => 3,
 				);
 
 			case 'ValidatedSanitizedInputUnitTest.2.inc':