[wp-trac] [WordPress Trac] #17093: Validation and context parameter for query filter application

WordPress Trac wp-trac at lists.automattic.com
Sat Apr 9 13:54:45 UTC 2011


#17093: Validation and context parameter for query filter application
-------------------------+-----------------------------
 Reporter:  kevinB       |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Query        |    Version:
 Severity:  normal       |   Keywords:  has-patch
-------------------------+-----------------------------
 One improperly implemented query filter can easily crash a site, and this
 risk only increases with use of filterable get_posts() calls throughout
 wp-admin.

 In the most common scenario, a posts_where or posts_request filter fails
 to return a value. Even if the filter was intended for wp-admin but was
 not added selectively based on is_admin(), the site front end is crashed.
 It's the plugin's fault, but leaves the end user wondering why WP can't be
 more robust.

 The associated patch eliminates that scenario by checking is_null() before
 accepting a filtered value.  If null, the filter is ignored, with a
 warning triggered if WP_DEBUG is defined.  Since this validation is
 performed in apply_query_filters() rather than the heavily-used
 apply_filters(), new overhead is minimal.

 Another benefit of a dedicated apply_query_filters() function is the
 ability to apply filters selectively based on a query_context specified by
 supplemental get_posts() calls.  This will also tend to mitigate the scope
 of query filtering errors if use of the context parameter becomes standard
 practice for get_posts() execution and filtering.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17093>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list