[wp-trac] [WordPress Trac] #37082: Remove (most) uses of create_function() from core

WordPress Trac noreply at wordpress.org
Mon Jun 13 01:51:15 UTC 2016


#37082: Remove (most) uses of create_function() from core
-------------------------+--------------------
 Reporter:  sgolemon     |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  4.6
Component:  General      |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+--------------------
Changes (by rmccue):

 * keywords:   => has-patch
 * milestone:  Awaiting Review => 4.6


Comment:

 Welcome to Trac, and thanks for the patches!

 Replying to [comment:1 sgolemon]:
 > On the fourth usage, I have some concerns about the current default
 implementations, specifically regarding unfiltered/unsanitized output.

 You're totally right that the code in here sucks, but it's actually no
 longer used in core, and only provided for backwards compatibility
 purposes (AtomPub was removed in 3.5 in #21866), so we don't really need
 to fix it.

 (Also, the filter extension can be disabled, so we can't use `filter_var`
 anyway.)

 I think [attachment:0004-Remove-unnecessary-use-of-create_function-in-
 AtomFee.patch] should be fine just to remove the `create_function` calls.
 I'm not entirely sure how the POMO library stuff is handled, I believe
 it's managed externally in GlotPress. Pinging @ocean90 on that one.

 The code all looks good-to-go though, pending the logistical bits of how
 we actually merge it.

 Sidenote: Apart from these usages of `create_function`, the only other one
 I see is in `Translations::make_plural_form_function()`, which looks
 absolutely crazy to me. `Plural-Forms` in gettext is actually a full
 C-like expression, so we either need to write our own parser or continue
 using this eval-ish hack. This concerns me, but seems like that'll need to
 stay that way.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37082#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list