[wp-trac] [WordPress Trac] #12780: get_search_query() can be confusing as it doesn't sanitize
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 31 02:27:55 UTC 2010
#12780: get_search_query() can be confusing as it doesn't sanitize
--------------------------+-------------------------------------------------
Reporter: Viper007Bond | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: 3.0
Component: Template | Version: 3.0
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Changes (by nacin):
* priority: normal => high
* milestone: Unassigned => 3.0
Comment:
Deprecating it for get_the_search_query() doesn't do much good. We can't
even get plugin authors to obey the deprecated API.
I suggest we break back compat here and escape it. The Codex is wrong,
Twenty Ten is wrong, many many themes are inviting XSS.
If anyone wants the unescaped value, they can call the query var
themselves.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12780#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
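Added example, not part of the ticket or of WordPress core: the search-form pattern the comment refers to, shown unescaped and escaped side by side. The `get_search_query()` and `esc_attr()` definitions below are assumed minimal stand-ins for the WordPress functions, guarded with `function_exists()` so the file runs from the command line without WordPress loaded; inside a theme you would call the real ones.

```php
<?php
// Added example (not from the ticket or WordPress core). The two helpers are
// minimal stand-ins, defined only when WordPress is not loaded, so that this
// file runs stand-alone with `php example.php`.
if (!function_exists('get_search_query')) {
    // Stand-in: WordPress returns the 's' query var; here it is read from $_GET.
    // Like the real function in 3.0 and earlier, it applies no escaping.
    function get_search_query() {
        return isset($_GET['s']) ? stripslashes($_GET['s']) : '';
    }
}
if (!function_exists('esc_attr')) {
    // Stand-in for WordPress esc_attr(): encode for an HTML attribute value.
    function esc_attr($text) {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
}

// The pattern the ticket calls out: a theme drops the raw query straight into
// a value="" attribute of the search form.
function search_form_unescaped() {
    return '<input type="text" name="s" value="' . get_search_query() . '" />';
}

// Hardened form: escape for the attribute context at the point of output.
function search_form_escaped() {
    return '<input type="text" name="s" value="' . esc_attr(get_search_query()) . '" />';
}

// Constructed sample input: a search string that closes the attribute early.
$_GET['s'] = '"><em>not a search term</em>';

// Unescaped: the quote ends the attribute and the <em> element reaches the page.
echo search_form_unescaped(), "\n";
// Escaped: the whole string stays inside the attribute as inert text.
echo search_form_escaped(), "\n";
```

The check in a theme audit is the same as in the comment: every `get_search_query()` (or `the_search_query()`) that lands in markup should be wrapped in `esc_attr()` in an attribute or `esc_html()` in element text; anyone who genuinely needs the raw value can read the query var directly with `get_query_var('s')`, as the comment suggests.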