[wp-trac] [WordPress Trac] #37082: Remove (most) uses of create_function() from core
WordPress Trac
noreply at wordpress.org
Sun Jun 12 17:14:23 UTC 2016
#37082: Remove (most) uses of create_function() from core
-------------------------+------------------------------
Reporter: sgolemon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by sgolemon):
On the fourth usage, I have some concerns about the current default
implementations, specifically regarding unfiltered/unsanitized output.
Given that these methods are designed to produce XML declaration pairs,
I'd like to apply a label/string/uri sanitization such as the following:
public static function defaultMapAttrsFunc($k, $v) {
return preg_replace('/[0-9A-Za-z_-]+/', '', $k) . '="' . filter_var($v,
FILTER_SANITIZE_ENCODED) . '"';
}
and similar in defaultMapXmlnsFunc, of course.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37082#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list