[wp-trac] [WordPress Trac] #21767: Remove stripslashes from API functions
WordPress Trac
noreply at wordpress.org
Mon Feb 4 15:38:00 UTC 2013
#21767: Remove stripslashes from API functions
-------------------------------------------------+-------------------------
 Reporter:  alexkingorg                          |       Owner:
     Type:  task (blessed)                       |      Status:  new
 Priority:  normal                               |   Milestone:  3.6
Component:  Formatting                           |     Version:  3.4
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing              |
            needs-unit-tests 3.6-early           |
-------------------------------------------------+-------------------------
Comment (by ryan):
Calls to esc_sql(), $wpdb->escape(), addslashes(), add_magic_quotes() on
data passed to core API also need to be audited and probably removed.
Escaping should be done with $wpdb->prepare() ( or update() and insert() )
right before the data goes to the DB.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21767#comment:48>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
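
The pattern discussed in the comment above, as an added example that is not part of the original message and not WordPress core code. PDO with in-memory SQLite stands in for $wpdb, bound parameters stand in for $wpdb->prepare(), and the function names and table are hypothetical.

```php
<?php
// Added illustration: hypothetical API functions, constructed sample data.
// Requires the pdo_sqlite extension; nothing here touches a real WordPress install.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');

// Legacy-style API: assumes callers pass slashed data, so it strips slashes on entry.
function save_title_legacy(PDO $db, string $title): int {
    $title = stripslashes($title);
    $stmt = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $db->lastInsertId();
}

// Boundary-style API: takes data as-is; the only escaping step is binding at the query.
function save_title_boundary(PDO $db, string $title): int {
    $stmt = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $db->lastInsertId();
}

// Read the stored value back so it can be compared with what the caller intended.
function stored_title(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT title FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample inputs: one with a quote, one with backslashes.
$samples = ["O'Reilly", 'C:\\temp\\notes'];

foreach ($samples as $raw) {
    $cases = [
        'legacy API, caller slashed'   => save_title_legacy($db, addslashes($raw)),
        'legacy API, caller forgot'    => save_title_legacy($db, $raw),
        'boundary API, raw data'       => save_title_boundary($db, $raw),
        'boundary API, stray slashing' => save_title_boundary($db, addslashes($raw)),
    ];
    foreach ($cases as $label => $id) {
        $stored = stored_title($db, $id);
        // A value is intact only if the database holds exactly what the caller meant.
        printf("%-30s %-18s %s\n", $label, $stored, $stored === $raw ? 'intact' : 'CORRUPTED');
    }
}
```

The "caller forgot" rows show why stripslashes() inside an API function is fragile, and the "stray slashing" rows show why leftover addslashes() calls have to be audited once escaping moves to the query boundary.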