[wp-trac] [WordPress Trac] #21767: Remove stripslashes from API functions
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 2 22:42:49 UTC 2012
#21767: Remove stripslashes from API functions
-------------------------------------------------+-------------------------
Reporter: alexkingorg | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
Component: General | Review
Severity: normal | Version: trunk
Keywords: has-patch needs-testing needs-unit- | Resolution:
tests |
-------------------------------------------------+-------------------------
Comment (by azaozz):
Replying to [comment:9 alexkingorg]:
> I don't believe it's possible to test for this data...
Yes, it's hard to test. That's probably why there's no
`maybe_strip_slashes()` yet.
The function `addslashes` which is used to add the extra slashes only adds
them at four places:
"Returns a string with backslashes before characters that need to be
quoted in database queries etc. These characters are single quote ('),
double quote ("), backslash (\) and NUL (the NULL byte)."
so it's not impossible to determine if a string has been run through
`addslashes()`, just hard to do.
Not sure what's the best solution. Doubling all functions that "expect
slashed" (there are a lot of them) seems too drastic. Trying to get a
potential `is_slashed()` to work right without being too slow (it would
need to look at user cases) wouldn't be easy. Getting rid of `addslashes`
on the superglobals doesn't seem wise...
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21767#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list