[wp-trac] [WordPress Trac] #22400: Remove all, or at least most, uses of extract() within WordPress
WordPress Trac
noreply at wordpress.org
Tue May 13 14:49:59 UTC 2014
#22400: Remove all, or at least most, uses of extract() within WordPress
-------------------------------------------------+-------------------------
Reporter: Viper007Bond | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future
Component: General | Release
Severity: normal | Version: 3.4.2
Keywords: westi-likes needs-testing has-patch | Resolution:
| Focuses:
-------------------------------------------------+-------------------------
Comment (by jmlapam):
To my knowledge extract() take all params from array so it could be very
bad to use it when datas come from user. The documentation says extract an
take some additional args to avoid bad behavior e.g prefix.
My question regards shortcodes. I use them all the time so do you
recommand to remove extract from all our shortcode callbacks?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/22400#comment:48>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list