[wp-trac] [WordPress Trac] #10041: like_escape() should escape backslashes too

WordPress Trac noreply at wordpress.org
Tue Jun 10 22:25:13 UTC 2014 

#10041: like_escape() should escape backslashes too
---------------------------------+-----------------------------
 Reporter:  miau_jp              |       Owner:  wonderboymusic
     Type:  defect (bug)         |      Status:  reopened
 Priority:  high                 |   Milestone:  4.0
Component:  Formatting           |     Version:  2.8
 Severity:  normal               |  Resolution:
 Keywords:  4.0-early has-patch  |     Focuses:
---------------------------------+-----------------------------

Comment (by johnjamesjacoby):

 Replying to [comment:63 miqrogroove]:
 > Using esc_like() without a database is a rare situation that would not
 be encountered by novice programmers.  There's nothing wrong with adding
 another function, but it's unnecessary.
 Not "without a database" – without defining the `$wpdb` global in the
 current PHP scope.

 > Regarding deprecation: Seems like a lot of fuss over a one-line
 function. It won't be used in core anymore, and however that's signaled is
 great.
 Deprecated notices are good things for developer optics, but they're bad
 for plugins that wish to support older WordPress versions in newer plugin
 versions. We end up writing our own versions of these functions just to
 handle the `function_exists()` checks.

 > The problem with 10041.8.diff is that we can't call esc_like() from
 like_escape(). They have different and incompatible output.
 There are a few places in r28712 where they are swapped out directly. If
 they are indeed two functions doing two separate things, deprecating
 `like_escape()` without an equal alternative isn't deprecation, it's
 elimination. If that's truly the intent, I'd suggest a post to
 make.wordpress.org/core explaining what the original problem is and what
 steps plugin authors need to take to secure their code and comply with
 this new approach.

 (Just read the comments backlog; sorry for not having done so further.
 Noticed my patch goes against the decisions made above, but hopefully
 highlights the confusion that plugin authors will run into without
 documentation and a migration plan.)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10041#comment:65>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list