kses.php global $allowedxmlentitynames naming

[ovidiul]

Hi all,

upon debugging this Notice on one of our client's site

<?php
NoticedError: in_array() expects parameter 2 to be array, null given
in newrelic_notice_error called at ? (?)
in in_array called at /chroot/var/www/wp-includes/kses.php (1863)
in wp_kses_xml_named_entities called at ? (?)
in preg_replace_callback called at /chroot/var/www/wp-includes/kses.php (1805)
in wp_kses_normalize_entities called at /chroot/var/www/wp-includes/formatting.php (981)
in _wp_specialchars called at /chroot/var/www/wp-includes/formatting.php (4574)
in{closure} called at ? (?)
in preg_replace_callback called at /chroot/var/www/wp-includes/formatting.php (4580)

I've found a small discrepancy in the namings used in core file wp-includes/kses.php , so the global $allowedxmlentitynames variable is actually used further as $allowedxmlnamedentities, I am guessing this might not be intentional?

I am lead to believe this might be the source of the issue, however, I was unable to actively duplicate the issue as it happens during a scheduled cron event.

Happy to submit a patch for this if it's confirmed.

Thank you

[ovidiul]

To clarify this more,

I am referring to these [code lines]​https://github.com/WordPress/WordPress/blob/master/wp-includes/kses.php#L715-L724 and [this]​https://github.com/WordPress/WordPress/blob/master/wp-includes/kses.php#L50

<?php
/**
         * @var string[] $allowedxmlentitynames Array of KSES allowed XML entitity names.
         * @since 5.5.0
         */
        $allowedxmlnamedentities = array(
                'amp',
                'lt',
                'gt',
                'apos',
                'quot',
        );

<?php
global $allowedposttags, $allowedtags, $allowedentitynames, $allowedxmlentitynames;

so the actual $allowedxmlnamedentities variable name is not being set as global in the file.

This PR should address a naming mismatch and make the $allowedxmlnamedentities referenced on the kses.php file a global variable

Trac ticket: https://core.trac.wordpress.org/ticket/54060

[SergeyBiryukov]

Hi there, welcome to WordPress Trac! Thanks for the report.

Good catch, introduced in [48072] / #50117. This could use some unit tests.

[ovidiul]

Added unit test for the wp_kses_xml_named_entities function inside the patch, however, I fail to find a simple way to test if the global names are setup properly inside kses.php file to prevent similar issues, other than maybe plain syntax check.

I've been trying to do this through spl_autoload_register, but that seems to require a more isolated environment outside WordPress Unit Tests.

Any suggestions?

Thanks.