[wp-trac] [WordPress Trac] #9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 24 11:45:35 UTC 2009
#9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
--------------------------+-------------------------------------------------
Reporter: misterbisson | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 3.0
Component: Users | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+-------------------------------------------------
Comment(by hakre):
I've just re-read the patches and some of the comments and I must admit
that I'm not confident with my older suggestion any longer. I tend to say
that this is a workflow issue and we should check that only intended types
are passed to the function, namely strings.
For arrays and objects we could offer new functions in which their name
reflects for what they are and we can more strictly define in their
docblock what they do. So other developers won't miss actual features
(they can switch to the new functions in case they need) and we get the
concerns seperated so this is not over-generalized.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9640#comment:34>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list