From 8e1608ac6f84ef5b7934deca33c5f98be3e494f3 Mon Sep 17 00:00:00 2001
From: Ryan Cramer <ryan@processwire.com>
Date: Fri, 19 Nov 2021 11:43:49 -0500
Subject: [PATCH] Fix issue processwire/processwire-issues#1467

---
 wire/core/Modules.php         |  2 +-
 wire/core/PagesSortfields.php | 13 ++++++++-----
 wire/core/Sanitizer.php       |  6 +++---
 wire/core/Selectors.php       |  1 +
 wire/core/WireArray.php       | 12 ++++++------
 5 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/wire/core/Modules.php b/wire/core/Modules.php
index c6a8fa9c..f7a43758 100644
--- a/wire/core/Modules.php
+++ b/wire/core/Modules.php
@@ -4343,7 +4343,7 @@ class Modules extends WireArray {
 		
 		if($isModule && $namespace) {
 			$actualNamespace = $this->getModuleNamespace($moduleName);
-			if(trim($namespace, '\\') != trim($actualNamespace, '\\')) {
+			if(trim("$namespace", '\\') != trim("$actualNamespace", '\\')) {
 				$isModule = false;
 			}
 		}
diff --git a/wire/core/PagesSortfields.php b/wire/core/PagesSortfields.php
index b20eae6b..322b3e7c 100644
--- a/wire/core/PagesSortfields.php
+++ b/wire/core/PagesSortfields.php
@@ -94,6 +94,7 @@ class PagesSortfields extends Wire {
 	public function decode($sortfield, $default = 'sort') {
 
 		$reverse = false;
+		$sortfield = (string) $sortfield;
 
 		if(substr($sortfield, 0, 1) == '-') {
 			$sortfield = substr($sortfield, 1); 
@@ -101,13 +102,15 @@ class PagesSortfields extends Wire {
 		}
 
 		if(ctype_digit("$sortfield") || !Fields::isNativeName($sortfield)) {
-			$field = $this->wire('fields')->get($sortfield);
-			if($field) $sortfield = $field->name; 
-				else $sortfield = '';
+			$field = $this->wire()->fields->get(ctype_digit($sortfield) ? (int) $sortfield : $sortfield);
+			$sortfield = $field ? $field->name : '';
 		}
 
-		if(!$sortfield) $sortfield = $default;
-			else if($reverse) $sortfield = "-$sortfield";
+		if(!$sortfield) {
+			$sortfield = $default;
+		} else if($reverse) {
+			$sortfield = "-$sortfield";
+		}
 
 		return $sortfield; 
 	}
diff --git a/wire/core/Sanitizer.php b/wire/core/Sanitizer.php
index 71185ddb..2ff45b06 100644
--- a/wire/core/Sanitizer.php
+++ b/wire/core/Sanitizer.php
@@ -372,12 +372,12 @@ class Sanitizer extends Wire {
 		if($needsWork) {
 			$value = str_replace(array("'", '"'), '', $value); // blank out any quotes
 			$_value = $value;
-			$filters = FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_NO_ENCODE_QUOTES;
-			$value = filter_var($value, FILTER_SANITIZE_STRING, $filters);
+			$filters = FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK;
+			$value = filter_var($value, FILTER_UNSAFE_RAW, $filters);
 			if(!strlen($value)) {
 				// if above filter blanked out the string, try with brackets already replaced
 				$value = str_replace(array('<', '>', '«', '»', '‹', '›'), $replacementChar, $_value);
-				$value = filter_var($value, FILTER_SANITIZE_STRING, $filters);
+				$value = filter_var($value, FILTER_UNSAFE_RAW, $filters);
 			}
 			$hyphenPos = strpos($extras, '-');
 			if($hyphenPos !== false && $hyphenPos !== 0) {
diff --git a/wire/core/Selectors.php b/wire/core/Selectors.php
index c552d045..49209187 100644
--- a/wire/core/Selectors.php
+++ b/wire/core/Selectors.php
@@ -1476,6 +1476,7 @@ class Selectors extends WireArray {
 		static $digits = '_0123456789';
 
 		$has = false;
+		$str = (string) $str;
 
 		foreach(self::$selectorTypes as $operator => $unused) {
 
diff --git a/wire/core/WireArray.php b/wire/core/WireArray.php
index 5dbbf3d5..6d9d6f5d 100644
--- a/wire/core/WireArray.php
+++ b/wire/core/WireArray.php
@@ -575,7 +575,7 @@ class WireArray extends Wire implements \IteratorAggregate, \ArrayAccess, \Count
 		if(isset($this->data[$key])) return $this->data[$key];
 
 		// check if key contains something other than numbers, letters, underscores, hyphens
-		if(!ctype_alnum("$key") && !ctype_alnum(strtr("$key", '-_', 'ab'))) {
+		if(is_string($key) && !ctype_alnum($key) && !ctype_alnum(strtr($key, '-_', 'ab'))) {
 			
 			// check if key contains a selector
 			if(Selectors::stringHasSelector($key)) {
@@ -607,12 +607,12 @@ class WireArray extends Wire implements \IteratorAggregate, \ArrayAccess, \Count
 				}
 				return $match;
 			}
-		}
 
-		// if the WireArray uses numeric keys, then it's okay to
-		// match a 'name' field if the provided key is a string
-		if(is_string($key) && $this->usesNumericKeys()) {
-			$match = $this->getItemThatMatches('name', $key);
+			// if the WireArray uses numeric keys, then it's okay to
+			// match a 'name' field if the provided key is a string
+			if($this->usesNumericKeys()) {
+				$match = $this->getItemThatMatches('name', $key);
+			}
 		}
 
 		return $match;