[wp-trac] [WordPress Trac] #17343: update_post_meta removes all slashes
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 29 07:16:14 UTC 2011
#17343: update_post_meta removes all slashes
------------------------------+-----------------------
Reporter: 5ubliminal | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 3.3
Component: Plugins | Version: 3.1.1
Severity: normal | Resolution:
Keywords: has-patch commit |
------------------------------+-----------------------
Comment (by 5ubliminal):
'''I posted a clear example. Somebody could have just run it.'''
Btw, you need to dig deeper in all functions where ''stripslashes(_deep)''
is called as this is not only in the function I pointed out. It's a
widespread issue.
'''The stripslashes has to go.''' I understand the backward compatibility
issues but it's impossible to guess where I need to slash, double slash,
triple slash or no slash and nobody has time to check the core code in
each function before using it. Those who don't escape their SQL properly
deserve what's coming their way, it's not your job to enforce security and
minimal programming practices. PHP 4 is long gone ''(I hope)'',
RegisterGlobals also ''(I do hope)'' and those who don't escape SQL or
typecast numbers should also go.
Think about plugin developers first, then pimp the UI which is already
great. '''I understand WP is user and not dev-centric'''. That's why
you're just popular, totally not developer friendly... and still far from
your potential.
'''PS''': ''I reserve the right to think that if any of my tickets was
posted by your buddies, it would have gotten a second glance and maybe a
fix.''
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17343#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list