[wp-trac] [WordPress Trac] #9705: There should no be no need to
strip_slashes() in WP_Widget::update()
WordPress Trac
wp-trac at lists.automattic.com
Sat May 2 17:23:46 GMT 2009
#9705: There should no be no need to strip_slashes() in WP_Widget::update()
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: anonymous
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: General | Version: 2.8
Severity: normal | Keywords: needs-patch 2nd-opinion
--------------------------+-------------------------------------------------
The update function seem to require concrete widget implementations to
stripslashes to only create the value for the new instance even so it is
documented that the function is there to check for validity not to filter
input from uncertain sources.
the need to stripslash here looks bad to me. instead, the values used for
calling should already be propper sanitized and the server/php
configuration should not be taken into account any longer here.
keep in mind that this is not a function in the global namespace but a
class.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9705>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list