[wp-hackers] Admin notices

Andrew Nacin wp at andrewnacin.com
Mon Apr 11 06:35:38 UTC 2011


On Mon, Apr 11, 2011 at 2:26 AM, Ryan McCue <lists at rotorised.com> wrote:

> Rob Miller wrote:
> > No need to target 5.3+; you can do anonymous functions in PHP 4.0+:
> >
> > add_action('admin_notices', create_function('', 'echo "your message";'));
>
> True, and good point! They just don't look as nice. ;)


I would strongly recommend you avoid create_function() at all costs. It
poses a pretty serious security risk when used improperly. It's a priority
for us to remove all of them from the core codebase. (We're close.)

I would also recommend (in general) you avoid closures. I use them in
testing all the time -- add_action( 'init', function() { ... } ); -- but in
a public plugin, it's not playing very nice with others, as the callback
can't easily be removed.

Nacin


More information about the wp-hackers mailing list