[wp-trac] [WordPress Trac] #21767: Remove stripslashes from API functions
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 5 06:07:13 UTC 2012
#21767: Remove stripslashes from API functions
-------------------------------------------------+-------------------------
 Reporter:  alexkingorg                          |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  General                              |     Version:  trunk
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing              |
            needs-unit-tests                     |
-------------------------------------------------+-------------------------
Comment (by mbijon):
Is there any way we could toggle wp_unslash() off by default?
I think {{{add_theme_support()}}} sets a precedent for this. Then this
could go in sooner, but not affect anyone who isn't purposefully enabling
it.
----
Why?
As much as I'd like this to go in because it seems right ... the plugin
repo is well-aged. So the risk of a security hole that stays open a long
time is high.
For preventing security issues manually: I can't imagine finding the time
to do a full review & refactor of all plugins on our clients at work plus
on my own sites. That's putting aside a few scores of out-of-touch clients
who won't have the staff or budget to do updates themselves (multiply that
by a few thousand active WP devs).
But if it's disabled by default then there's no need to have Alex maintain
this patch long-term, and no need to time it for the beginning of a cycle.
Plus, is a single cycle really enough to see even a large minority of
plugins updated?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21767#comment:30>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software