[wp-trac] [WordPress Trac] #9705: There should no be no need to strip_slashes() in WP_Widget::update()

WordPress Trac wp-trac at lists.automattic.com
Sat May 2 17:23:46 GMT 2009


#9705: There should no be no need to strip_slashes() in WP_Widget::update()
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:  anonymous              
     Type:  defect (bug)  |      Status:  new                    
 Priority:  normal        |   Milestone:  2.8                    
Component:  General       |     Version:  2.8                    
 Severity:  normal        |    Keywords:  needs-patch 2nd-opinion
--------------------------+-------------------------------------------------
 The update function seem to require concrete widget implementations to
 stripslashes to only create the value for the new instance even so it is
 documented that the function is there to check for validity not to filter
 input from uncertain sources.

 the need to stripslash here looks bad to me. instead, the values used for
 calling should already be propper sanitized and the server/php
 configuration should not be taken into account any longer here.

 keep in mind that this is not a function in the global namespace but a
 class.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9705>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list