[wp-trac] [WordPress Trac] #12416: *_option(), *_transient() and *_meta() functions should all expect unslashed data.
WordPress Trac
wp-trac at lists.automattic.com
Sun Feb 28 16:43:08 UTC 2010
#12416: *_option(), *_transient() and *_meta() functions should all expect
unslashed data.
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: 3.0
Component: Security | Version: 3.0
Severity: blocker | Keywords: needs-testing
-------------------------------+--------------------------------------------
Comment(by ryan):
Given how inconsistent core WP itself is about slashing, I'm inclined to
go with this. There will be some back-compat grief, but it's looking like
more plugins are not escaping than are escaping. We'd be servicing the
more popular expectation.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12416#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list