[wp-trac] [WordPress Trac] #25834: WP_Date_Query not allowed values possible
WordPress Trac
noreply at wordpress.org
Tue Nov 11 07:54:31 UTC 2014
#25834: WP_Date_Query not allowed values possible
----------------------------------+---------------------------
 Reporter:  ChriCo                |       Owner:  boonebgorges
     Type:  defect (bug)          |      Status:  reopened
 Priority:  normal                |   Milestone:  4.1
Component:  Query                 |     Version:  3.7
 Severity:  normal                |  Resolution:
 Keywords:  has-patch needs-docs  |     Focuses:
----------------------------------+---------------------------
Changes (by dd32):
* status: closed => reopened
* resolution: fixed =>
Comment:
[29925] introduced a bunch of strings which needlessly use HTML within the
translation strings, and in a few places %d is used when I think %s should
probably be favoured instead.
For example:
{{{
$min_max_msg = __( 'Invalid value <code>%1$s</code> for <strong>%2$s</strong>. Excepted value should between <code>%3$d</code> and </code>%4$d</code>.' );
....
$error = sprintf(
	$min_max_msg,
	esc_html( $date_query[ $key ] ),
	$key,
	$check['min'],
	$check['max']
);
}}}
should
* include `__()` in the `sprintf()` call since it's only used once (and
even if it was used multiple times, it's far easier to read in-line)
* Use {{{ '<code>' . esc_html( $date_query[ $key ] ) . '</code>'}}} in
the replacement instead of including HTML in the translation
* use `esc_html()` over all of the placeholders, even if they're believed
to be safe
* use %s for all placeholders (with numbered args) instead of %d just to
show any invalid data that's passed through to the function (rather than
them being forced to ints) - If it's not possible for it to be a non-int
at this point, that's fine, but I can't tell while within this function if
the data has been validated/reformed at a higher layer
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25834#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
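
The form the comment above asks for, as an added example that is not part of the original message or of WordPress core. The helper names, the message wording, the sample input and the stand-in definitions of `__()` and `esc_html()` (used only when run outside WordPress) are assumptions made for illustration.

```php
<?php
// Stand-ins so the example runs outside WordPress; inside WordPress the real
// __() and esc_html() exist and these definitions are skipped.
if ( ! function_exists( '__' ) ) {
	function __( $text ) {
		return $text; // no translation lookup in this stand-in
	}
}
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}

// Hypothetical helper: escape the value, then add the markup outside the
// translatable string so translators never handle HTML.
function example_code_tag( $value ) {
	return '<code>' . esc_html( $value ) . '</code>';
}

// Hypothetical helper: builds the out-of-range message with __() inline,
// every placeholder escaped, and %s (numbered) instead of %d.
function example_min_max_error( $date_query, $key, $check ) {
	return sprintf(
		/* illustrative wording, not the committed string */
		__( 'Invalid value %1$s for %2$s. Expected value should be between %3$s and %4$s.' ),
		example_code_tag( $date_query[ $key ] ),
		'<strong>' . esc_html( $key ) . '</strong>',
		example_code_tag( $check['min'] ),
		example_code_tag( $check['max'] )
	);
}

// Constructed input: a non-numeric, markup-bearing value in a date query.
$date_query = array( 'month' => '13<b>x</b>' );
$check      = array( 'min' => 1, 'max' => 12 );

// The invalid value is shown in full, with its markup escaped.
echo example_min_max_error( $date_query, 'month', $check ), "\n";

// Contrast: %d coerces the same value to an integer, so the message would
// no longer show what was actually passed in.
echo sprintf( '%d', $date_query['month'] ), "\n";
```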