[wp-trac] [WordPress Trac] #22873: Consider moving to a notice for $wpdb->prepare in 3.5.1
WordPress Trac
noreply at wordpress.org
Wed Dec 12 07:20:10 UTC 2012
#22873: Consider moving to a notice for $wpdb->prepare in 3.5.1
-------------------+------------------------------
Reporter: nacin | Type: defect (bug)
Status: new | Priority: low
Milestone: 3.5.1 | Component: Warnings/Notices
Version: 3.5 | Severity: minor
Keywords: |
-------------------+------------------------------
This is either a 3.5.1 fix, or a wontfix.
See #22262 and http://make.wordpress.org/core/2012/12/12/php-warning-
missing-argument-2-for-wpdb-prepare/. Then see my comment
[https://github.com/WordPress/WordPress/commit/e588812a498f0d0f8321a7d61b0b67ea59ea3c43#commitcomment-2293701
here]:
> We probably could have had it generate a notice in 3.5 and a warning in
3.6, but I was incredibly torn by the idea of shipping a notice that most
developers wouldn't even see (let alone give themselves a chance to ignore
it) when this is, at its heart, a potential security issue. Issuing a
warning seemed like the most responsible thing to do, despite the
(relatively minor) pain it'll cause.
>
> A side-note, we've gotten very good (I say this facetiously) about
accidentally breaking plugins that were doing something wrong in a major
release, only to fix the issue in the next minor release after all of the
plugins have updated for it. Happened with JavaScript enqueueing hooks in
both 3.2 and 3.4. This was indeed a deliberate change, but there's nothing
preventing us from moving to a notice in 3.5.1, then back to a warning in
3.6 again (hopefully giving developers some cover to make changes).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22873>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list