[wp-trac] [WordPress Trac] #17343: update_post_meta removes all slashes

WordPress Trac wp-trac at lists.automattic.com
Thu Sep 29 07:16:14 UTC 2011


#17343: update_post_meta removes all slashes
------------------------------+-----------------------
 Reporter:  5ubliminal        |       Owner:
     Type:  defect (bug)      |      Status:  reopened
 Priority:  normal            |   Milestone:  3.3
Component:  Plugins           |     Version:  3.1.1
 Severity:  normal            |  Resolution:
 Keywords:  has-patch commit  |
------------------------------+-----------------------

Comment (by 5ubliminal):

 '''I posted a clear example. Somebody could have just run it.'''

 Btw, you need to dig deeper in all functions where ''stripslashes(_deep)''
 is called as this is not only in the function I pointed out. It's a
 widespread issue.

 '''The stripslashes has to go.''' I understand the backward compatibility
 issues but it's impossible to guess where I need to slash, double slash,
 triple slash or no slash and nobody has time to check the core code in
 each function before using it. Those who don't escape their SQL properly
 deserve what's coming their way, it's not your job to enforce security and
 minimal programming practices. PHP 4 is long gone ''(I hope)'',
 RegisterGlobals also ''(I do hope)'' and those who don't escape SQL or
 typecast numbers should also go.

 Think about plugin developers first, then pimp the UI which is already
 great. '''I understand WP is user and not dev-centric'''. That's why
 you're just popular, totally not developer friendly... and still far from
 your potential.

 '''PS''': ''I reserve the right to think that if any of my tickets was
 posted by your buddies, it would have gotten a second glance and maybe a
 fix.''

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17343#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
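
An added example, not part of the original message and not WordPress core code: a minimal PHP model of the behaviour this ticket reports, showing which values lose data when a setter strips slashes before saving, and that pre-slashing once with addslashes() lets them survive the round trip. store_meta(), load_meta(), strip_deep() and slash_deep() are hypothetical names, and all sample values are constructed.

```php
<?php
// Added illustration, not WordPress core code. store_meta() is a hypothetical
// stand-in that unslashes its input before saving, the behaviour this ticket
// reports for update_post_meta(). All sample values are constructed.

function strip_deep($v) {
    if (is_array($v)) return array_map('strip_deep', $v);
    return is_string($v) ? stripslashes($v) : $v;
}

function slash_deep($v) {
    if (is_array($v)) return array_map('slash_deep', $v);
    return is_string($v) ? addslashes($v) : $v;
}

// Hypothetical setter: strips one level of slashes, then persists.
function store_meta(array &$db, $key, $value) {
    $db[$key] = serialize(strip_deep($value));
}

function load_meta(array $db, $key) {
    return unserialize($db[$key]);
}

$samples = array(
    'regex' => '^\d+\.\d+$',                          // backslash escapes in a pattern
    'unc'   => '\\\\fileserver\\share',               // Windows UNC path
    'json'  => json_encode(array('q' => 'say "hi"')), // JSON with escaped quotes
    'plain' => 'no backslashes here',                 // control value
);

$db = array();
foreach ($samples as $key => $original) {
    store_meta($db, $key, $original);              // caller passes raw data
    $raw_ok = (load_meta($db, $key) === $original);

    store_meta($db, $key, slash_deep($original));  // caller pre-slashes once
    $slashed_ok = (load_meta($db, $key) === $original);

    printf("%-6s raw: %-9s pre-slashed: %s\n", $key,
        $raw_ok ? 'intact' : 'CORRUPTED', $slashed_ok ? 'intact' : 'CORRUPTED');
}

// Stored JSON stops parsing once its escaping backslashes are gone.
store_meta($db, 'json', $samples['json']);
var_dump(json_decode(load_meta($db, 'json')));
```

A round-trip check of this kind in a plugin's own tests shows whether a given setter expects slashed or unslashed input, and flags any later change in that behaviour.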

