[wp-hackers] Admin notices
Andrew Nacin
wp at andrewnacin.com
Mon Apr 11 06:35:38 UTC 2011
On Mon, Apr 11, 2011 at 2:26 AM, Ryan McCue <lists at rotorised.com> wrote:
> Rob Miller wrote:
> > No need to target 5.3+; you can do anonymous functions in PHP 4.0+:
> >
> > add_action('admin_notices', create_function('', 'echo "your message";'));
>
> True, and good point! They just don't look as nice. ;)
I would strongly recommend you avoid create_function() at all costs. It
poses a pretty serious security risk when used improperly. It's a priority
for us to remove all of them from the core codebase. (We're close.)
I would also recommend (in general) you avoid closures. I use them in
testing all the time -- add_action( 'init', function() { ... } ); -- but in
a public plugin, it's not playing very nice with others, as the callback
can't easily be removed.
Nacin
More information about the wp-hackers
mailing list