[wp-trac] [WordPress Trac] #11605: wpdb::_weak_escape() is an alias to addslashes only
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 27 20:36:46 UTC 2009
#11605: wpdb::_weak_escape() is an alias to addslashes only
-----------------------------+----------------------------------------------
 Reporter:  hakre            |        Owner:  ryan
     Type:  defect (bug)     |       Status:  reopened
 Priority:  normal           |    Milestone:  3.0
Component:  Security         |      Version:  2.9
 Severity:  normal           |   Resolution:
 Keywords:  has-patch close  |
-----------------------------+----------------------------------------------
Comment (by Denis-de-Bernardy):

> Escaping in wpdb is abstracted into escape, _escape, _weak_escape and
> _real_escape for very good reasons.

Err, I'd say that these various functions exist for extremely bad reasons.
We've banged our head into the table, for years, in order to support
completely obsolete versions of PHP and MySQL. We end up with workarounds
and workarounds around the workarounds.

It's like, heck, escape() should do exactly that: '''escape'''. Not weak,
or real, or maybe, or maybe not, or anything else; plain, simple escape.
There should only be a single method and it should do its job properly.

WP 3.0 probably isn't the right time to clean this mess up, though. Maybe
when we switch to PHP 5.1 and decide whether we start using PDO?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/11605#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software