[wp-trac] [WordPress Trac] #19877: wp_kses_stripslashes() should account for single quotes too
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 22 22:06:09 UTC 2012
#19877: wp_kses_stripslashes() should account for single quotes too
-----------------------------+------------------------------
Reporter: ethitter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Validation | Version: 3.3.1
Severity: normal | Resolution:
Keywords: has-patch close |
-----------------------------+------------------------------
Changes (by duck_):
* keywords: has-patch => has-patch close
Comment:
wp_kses_stripslashes is a legacy function that had to be used to deal with
addslashes() run when using preg_replace() and the eval modifier. The
double quotes remained slashed because the backreference in the PHP string
to be evaluated [http://core.trac.wordpress.org/browser/trunk/wp-includes/kses.php?rev=2897#L80 was in single quotes], so a custom slash
removal function was used to remove slashes from in front of double
quotes.
I would prefer to actually remove the call as it's no longer necessary. If
you're passing slashed data to kses it should be stripped first -- which
is why we do stripslashes in wp_filter_kses(). Unfortunately removing the
call would cause breakage for those passing in slashed data containing
double quoted attributes as this happens to work at the moment.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19877#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
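
The behaviour described in the comment above, as an added example that is not part of the original message or of WordPress core. The function names `unslash_double_quotes_only()` and `emulate_eval_backreference()` are hypothetical, the sample markup is constructed, and the `/e` path is modelled in simplified form because that modifier no longer exists in current PHP.

```php
<?php
// Hypothetical stand-in for a double-quote-only unslash, written for
// this example (not copied from core): it removes a backslash only
// when it sits directly in front of a double quote.
function unslash_double_quotes_only(string $s): string {
    return str_replace('\\"', '"', $s);
}

// Simplified model of the old preg_replace() /e path: the matched text
// was addslashes()'d, then parsed as a single-quoted PHP string literal.
// A single-quoted literal unescapes \\ and \' but leaves \" untouched.
function emulate_eval_backreference(string $match): string {
    $escaped = addslashes($match);
    return strtr($escaped, ["\\\\" => "\\", "\\'" => "'"]);
}

// Constructed sample: one double-quoted and one single-quoted attribute.
$clean = '<a title="x" rel=\'y\'>';

// 1. Legacy path: after the modelled eval step only \" is still slashed,
//    so the double-quote-only unslash restores the original text.
$after_eval = emulate_eval_backreference($clean);
echo "after eval step     : $after_eval\n";
echo "legacy round trip ok: ";
var_dump(unslash_double_quotes_only($after_eval) === $clean);

// 2. Caller passes already-slashed data straight to the filter:
//    double-quoted attributes are unslashed, single-quoted ones are not.
$slashed = addslashes($clean);
$partial = unslash_double_quotes_only($slashed);
echo "slashed input       : $slashed\n";
echo "double-quote unslash: $partial\n";
echo "matches clean input : ";
var_dump($partial === $clean);

// 3. What the comment recommends: strip slashes before filtering.
echo "stripslashes() first: ";
var_dump(stripslashes($slashed) === $clean);
```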