[wp-trac] [WordPress Trac] #18954: Automatically whitelist screen options added via add_screen_option()

WordPress Trac noreply at wordpress.org
Wed Aug 12 15:42:03 UTC 2015


#18954: Automatically whitelist screen options added via add_screen_option()
-------------------------+-----------------------------
 Reporter:  mdawaffe     |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Plugins      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:  administration
-------------------------+-----------------------------

Comment (by kitchin):

 The filter for updating unknown options in misc.php,
 `$value = apply_filters( 'set-screen-option', false, $option, $value );`
 has a major flaw. It implies plugins should return `false` by default,
 rather than `$value`. If more than one plugin is hooking in, they will
 wipe out each other's options if they return false on any $option they
 don't recognize, which I've seen in several tutorials online.
 The filter is followed by:
 {{{
 if ( false === $value ) return; // ...
 update_user_meta($user->ID, $option, $value);
 wp_safe_redirect(...);
 }}}
 Because it's an early hook, plugins have to hook in universally, unless
 they parse `$_GET['page']`.

 Conflicting goals:
 * Do not save unconfirmed data to the db.
 * Plugins should pass through data that does not belong to them.

 I can write a patch to add a hook if people think it would be accepted:
 `$value = apply_filters( "set-screen-option_$option", false, $value );`

 Then maybe deprecate the old filter (can we do that before a redirect?),
 but in any case let the new filter override it.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/18954#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list