[wp-trac] [WordPress Trac] #57686: Introduce wp_trigger_error() to compliment _doing_it_wrong()
WordPress Trac
noreply at wordpress.org
Fri Sep 8 15:20:41 UTC 2023
#57686: Introduce wp_trigger_error() to compliment _doing_it_wrong()
----------------------------------------+-----------------------------
Reporter: azaozz | Owner: hellofromTonya
Type: enhancement | Status: assigned
Priority: normal | Milestone: 6.4
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-dev-note needs-patch | Focuses:
----------------------------------------+-----------------------------
Changes (by hellofromTonya):
* keywords: needs-dev-note has-patch has-unit-tests commit => needs-dev-
note needs-patch
Comment:
>Maybe can just document it that the string is expected to be HTML escaped
(or "safe")?
I agree. As [https://github.com/WordPress/wordpress-
develop/pull/5144#discussion_r1317739430 previously noted in original PR
(threaded comments)]:
>None of the existing `trigger_error()` instances in Core use `esc_html()`
including `_doing_it_wrong()` and `_deprecated_*()` functions.... The
error messages are intended for the server logs.
>`trigger_error()` is for hardcoded PHP error/warning/notice/deprecation
messages. I don't think they need escaping.
Within Core itself, the instances are hardcode and thus trusted. I agree
with @flixos90 that the responsibility then lies with any customized code
that is dynamically creating the messages (i.e. non-hardcoded messages).
Adding that information into the function's docblock can provide guidance.
PR coming.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57686#comment:37>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list