[wp-trac] [WordPress Trac] #26111: wp_localize_script array from callback for performance
WordPress Trac
noreply at wordpress.org
Sun Apr 12 21:33:11 UTC 2015
#26111: wp_localize_script array from callback for performance
------------------------------------+-----------------------------
Reporter: ciantic                   | Owner: wonderboymusic
Type: enhancement                   | Status: reopened
Priority: high                      | Milestone: 4.2
Component: Script Loader            | Version: 2.6
Severity: normal                    | Resolution:
Keywords: has-patch dev-feedback    | Focuses: performance
------------------------------------+-----------------------------
Comment (by jdgrimes):
Replying to [comment:20 jdgrimes]:
>arrays might not be 100% immune to this
I say this because someone might happen to pass an array like `array(
'Some_Class', 'some_static_method' )`. Though of course that is far less
likely.
But we might also want to consider the case where someone might be doing
something like this: `wp_localize_script( 'my_script', 'my_js_ob',
$_GET['something'] )`. This might have been safe before. Now it would mean
arbitrary function execution (unless we limit this to only closures).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26111#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
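
The concern in the comment above, as an added example that is not part of the original message and is not WordPress core code: a loose `is_callable()` test turns strings and arrays that used to be plain data into invoked callbacks, while a closure-only test leaves them as data. The helpers `resolve_l10n_loose()` and `resolve_l10n_strict()` and all sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example. Both resolve_l10n_*() helpers are hypothetical, not core functions.

class Some_Class {
    public static function some_static_method() {
        return array( 'called' => true );
    }
}

/**
 * Loose check: anything is_callable() accepts is treated as a callback,
 * so a string or two-element array that was previously data gets executed.
 */
function resolve_l10n_loose( $l10n ) {
    return is_callable( $l10n ) ? call_user_func( $l10n ) : $l10n;
}

/**
 * Strict check: only a Closure object is invoked. Request input arrives as
 * strings or nested arrays, never as a Closure, so it always stays data.
 */
function resolve_l10n_strict( $l10n ) {
    return ( $l10n instanceof Closure ) ? $l10n() : $l10n;
}

// Constructed inputs standing in for values a plugin might pass as $l10n.
$samples = array(
    'string naming a function'     => 'phpversion',
    'array naming a static method' => array( 'Some_Class', 'some_static_method' ),
    'ordinary l10n array'          => array( 'ajax_url' => '/wp-admin/admin-ajax.php' ),
    'closure'                      => function () { return array( 'lazy' => true ); },
);

foreach ( $samples as $label => $value ) {
    $loose  = resolve_l10n_loose( $value );
    $strict = resolve_l10n_strict( $value );
    // A result identical to the input means the value was passed through as data.
    printf(
        "%-30s loose: %-9s strict: %s\n",
        $label,
        $loose === $value ? 'data' : 'EXECUTED',
        $strict === $value ? 'data' : 'executed'
    );
}
```

Under the loose check the first two samples are executed even though neither was written as a callback; under the strict check only the closure runs.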