Skip to content

PHP 8.4: Remove FILTER_SANITIZE_STRING#3394

Merged
dd32 merged 3 commits intotrunkfrom
copilot/remove-filter-sanitize-string
Mar 19, 2026
Merged

PHP 8.4: Remove FILTER_SANITIZE_STRING#3394
dd32 merged 3 commits intotrunkfrom
copilot/remove-filter-sanitize-string

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 9, 2026
edited
Loading

FILTER_SANITIZE_STRING was deprecated in PHP 8.1, triggers warnings in PHP 8.4, and will be removed in PHP 9.0. Replaces all usages with appropriate WordPress-native alternatives.

Changes

  • inc/form.php — Remove filter_input_array() and all input_filters keys from the workshop application field schema. get_workshop_application_form_submission() now reads directly from $_POST, sanitizing each field based on its schema type using sanitize_text_field/sanitize_email + wp_unslash.
  • inc/admin.php — Replace 7 filter_input( INPUT_GET, ..., FILTER_SANITIZE_STRING ) calls with sanitize_text_field( wp_unslash( $_GET[...] ?? '' ) ).
  • inc/post-meta.php — Replace filter_var( $value, FILTER_SANITIZE_STRING ) in a sanitize_callback with sanitize_text_field( $value ).
// Before
$audience = filter_input( INPUT_GET, 'wporg_audience', FILTER_SANITIZE_STRING );

// After
$audience = sanitize_text_field( wp_unslash( $_GET['wporg_audience'] ?? '' ) );
Original prompt

This section details on the original issue you should resolve

<issue_title>PHP 8.4: FILTER_SANITIZE_STRING</issue_title>
<issue_description>- PHP 8.1 deprecated FILTER_SANITIZE_STRING.

  • PHP 8.4 throws warnings for FILTER_SANITIZE_STRING.
  • PHP 9.0 will remove FILTER_SANITIZE_STRING.
  • FILTER_SANITIZE_STRING was often used incorrectly.

We should:

  • Remove uses of this constant.
  • Upgrade relevant uses of filter() to use explicit WordPress functions where possible, absint(), etc.
  • Use PHP null coalesce where possible: $id = absint( $_REQUEST['id'] ?? 0 ); or $text = wp_unslash( $_POST['data'] ?? '' );

https://wiki.php.net/rfc/deprecations_php_8_1
</issue_description>

Comments on the Issue (you are @copilot in this section)

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

Copilot AI assigned Copilot and dd32 Mar 9, 2026
Copilot AI changed the title [WIP] Remove FILTER_SANITIZE_STRING usage and update filters PHP 8.4: Remove FILTER_SANITIZE_STRING Mar 9, 2026
Copilot finished work on behalf of dd32 March 9, 2026 02:52
@dd32
Copy link
Copy Markdown
Member

dd32 commented Mar 9, 2026

@copilot This should also remove filter_input_array() for consistency, which removes the need for input_filters

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 9, 2026

@copilot This should also remove filter_input_array() for consistency, which removes the need for input_filters

Done in b639727. Replaced filter_input_array() in get_workshop_application_form_submission() with a loop over the schema properties that reads directly from $_POST using sanitize_text_field/sanitize_email + wp_unslash based on the field type/format. All input_filters keys have been removed from the schema since they're no longer needed.

Copilot finished work on behalf of dd32 March 9, 2026 03:17
@dd32 dd32 marked this pull request as ready for review March 9, 2026 03:18
@dd32 dd32 merged commit b882afd into trunk Mar 19, 2026
1 check passed
@dd32 dd32 deleted the copilot/remove-filter-sanitize-string branch March 19, 2026 06:17
This was referenced Mar 19, 2026
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dd32 dd32

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

PHP 8.4: FILTER_SANITIZE_STRING

2 participants

@dd32