[wp-trac] [WordPress Trac] #21892: sanitize_option() adds and strip slashes to use the wrong kses functions
WordPress Trac
wp-trac at lists.automattic.com
Fri Sep 14 19:31:25 UTC 2012
#21892: sanitize_option() adds and strip slashes to use the wrong kses functions
-------------------+--------------------------
 Reporter:  nacin  |       Type:  defect (bug)
   Status:  new    |   Priority:  normal
Milestone:  3.5    |  Component:  Formatting
  Version:         |   Severity:  normal
 Keywords:         |
-------------------+--------------------------
sanitize_option() does this:
{{{
$value = addslashes($value);
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
$value = stripslashes($value);
}}}
When it should instead do this:
{{{
$value = wp_kses_post( $value );
}}}
Likewise for wp_filter_kses() versus wp_kses_data().
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21892>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
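
The slash round trip described in the ticket, compared with the direct call, as an added example that is not part of the original ticket or of WordPress core. `demo_kses()` is a hypothetical stand-in for the kses filter, the other function names are likewise invented for illustration, and the sample option values are constructed.

```php
<?php
// Added illustration; not WordPress core code. demo_kses() is a hypothetical
// stand-in for the kses filter: any filter that expects unslashed input
// works for this comparison.
function demo_kses( string $value ): string {
    return strip_tags( $value, '<a><b><em><p>' );
}

// Shape of wp_filter_post_kses() as the ticket describes it: takes slashed
// input, strips the slashes, filters, then adds slashes back.
function demo_filter_post_kses( string $slashed ): string {
    return addslashes( demo_kses( stripslashes( $slashed ) ) );
}

// The sanitize_option() sequence quoted in the ticket.
function sanitize_with_round_trip( string $value ): string {
    $value = addslashes( $value );
    $value = demo_filter_post_kses( $value );
    return stripslashes( $value );
}

// The proposed sequence: call the unslashed variant directly.
function sanitize_direct( string $value ): string {
    return demo_kses( $value );
}

// Constructed sample option values with quotes, backslashes and markup.
$samples = array(
    'O\'Reilly "quoted" text',
    'C:\\path\\to\\file',
    '<b>bold</b><script>track()</script>',
    'trailing backslash \\',
    '<a href="http://example.org/?q=\'x\'">link</a>',
);

foreach ( $samples as $sample ) {
    $old = sanitize_with_round_trip( $sample );
    $new = sanitize_direct( $sample );
    // Both paths should agree, since addslashes/stripslashes cancel out.
    printf( "%-5s %s\n", $old === $new ? 'same' : 'DIFF', $new );
}
```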