[wp-trac] [WordPress Trac] #17093: Validation and context parameter for query filter application
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 9 13:54:45 UTC 2011
#17093: Validation and context parameter for query filter application
-------------------------+-----------------------------
Reporter: kevinB | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version:
Severity: normal | Keywords: has-patch
-------------------------+-----------------------------
One improperly implemented query filter can easily crash a site, and this
risk only increases with use of filterable get_posts() calls throughout
wp-admin.

In the most common scenario, a posts_where or posts_request filter fails
to return a value. Even if the filter was intended for wp-admin but was
not added selectively based on is_admin(), the site front end is crashed.
It's the plugin's fault, but leaves the end user wondering why WP can't be
more robust.

The associated patch eliminates that scenario by checking is_null() before
accepting a filtered value. If null, the filter is ignored, with a
warning triggered if WP_DEBUG is defined. Since this validation is
performed in apply_query_filters() rather than the heavily-used
apply_filters(), new overhead is minimal.

Another benefit of a dedicated apply_query_filters() function is the
ability to apply filters selectively based on a query_context specified by
supplemental get_posts() calls. This will also tend to mitigate the scope
of query filtering errors if use of the context parameter becomes standard
practice for get_posts() execution and filtering.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17093>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
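
A minimal sketch of the null check and context scoping described in the ticket, added here as an illustration and not taken from the attached patch. The filter registry, add_query_filter(), both function signatures and the context names are assumptions made so the block runs outside WordPress.

```php
<?php
// Added illustration; names and signatures are assumptions, not the ticket's patch.
$query_filters = array(); // minimal stand-in for WordPress's hook registry

function add_query_filter( $tag, $callback, $context = null ) {
    global $query_filters;
    $query_filters[ $tag ][] = array( $callback, $context );
}

function apply_query_filters( $tag, $value, $query_context = '' ) {
    global $query_filters;
    if ( empty( $query_filters[ $tag ] ) ) {
        return $value;
    }
    foreach ( $query_filters[ $tag ] as $entry ) {
        list( $callback, $context ) = $entry;
        // A filter registered for a specific context runs only for matching queries.
        if ( null !== $context && $context !== $query_context ) {
            continue;
        }
        $filtered = call_user_func( $callback, $value );
        if ( is_null( $filtered ) ) {
            // The callback did not return a value: keep the last good clause.
            if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
                trigger_error( "Query filter on '$tag' returned null; ignored.", E_USER_WARNING );
            }
            continue;
        }
        $value = $filtered;
    }
    return $value;
}

define( 'WP_DEBUG', true );

// Constructed sample: a buggy filter that modifies its argument but never returns it.
add_query_filter( 'posts_where', function ( $where ) {
    $where .= ' AND 1=1';
} );
// Constructed sample: a filter scoped to one supplemental query (hypothetical context name).
add_query_filter( 'posts_where', function ( $where ) {
    return $where . " AND post_status = 'draft'";
}, 'admin_drafts_widget' );

$where = " AND post_type = 'post'";
echo apply_query_filters( 'posts_where', $where, 'main' ), "\n";
echo apply_query_filters( 'posts_where', $where, 'admin_drafts_widget' ), "\n";
```

With plain apply_filters() semantics the buggy callback would replace the WHERE clause with null; here the clause survives in both calls and the scoped filter touches only the query that names its context.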