[wp-trac] [WordPress Trac] #19877: wp_kses_stripslashes() should account for single quotes too
WordPress Trac
noreply at wordpress.org
Fri Jan 17 09:58:28 UTC 2014
#19877: wp_kses_stripslashes() should account for single quotes too
-----------------------------+----------------------
Reporter: ethitter | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Formatting | Version: 3.3.1
Severity: normal | Resolution: wontfix
Keywords: has-patch close |
-----------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Replying to [comment:1 duck_]:
> wp_kses_stripslashes is a legacy function that had to be used to deal
with addslashes() run when using preg_replace() and the eval modifier. The
double quotes remained slashed because the backreference in the PHP string
to be evaluated [http://core.trac.wordpress.org/browser/trunk/wp-
includes/kses.php?rev=2897#L80 was in single quotes], so a custom slash
removal function was used to remove slashes from in front of double
quotes.
>
> I would prefer to actually remove the call as it's no longer necessary.
If you're passing slashed data to kses it should be stripped first --
which is why we do stripslashes in wp_filter_kses(). Unfortunately
removing the call would cause breakage for those passing in slashed data
containing double quoted attributes as this happens to work at the moment.
Seems like closing this (after two years) is in order.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/19877#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list