[wp-trac] [WordPress Trac] #11605: wpdb::_weak_escape() is an alias to addslashes only
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 27 22:16:54 UTC 2009
#11605: wpdb::_weak_escape() is an alias to addslashes only
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+-------------------------------------------------
Comment(by hakre):
I'm pretty shure those function-names start with {{{_}}} to signal that
they are inteded for private use. That is an idiom in PHP 4 code in the
lack of private members. Since the accesibility of the functions you
refrain is not documented in any way, the extending class can not rely on
the call from escape() to _weak_escape.
@Nacin: Just ask, I can provide you references for that {{{_}}} in
function names and PHP 4.
I'll clean the patch that it is better readable. Maybe it was too hard to
read :)
@Denis: This ticket is not about the jam-packed treasure chest by the god
of escape WP has to offer (this word seems to have some special magic,
just do a fulltext search, if there is a problem, you only need to escape
it :) ). I've just run over this optimization, I'm sure there pretty much
more but when it's left to be fixed, why not improve it? Otherwise this
will never happen... (<- I'm ready-minded to be proven wrong).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11605#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list