[wp-trac] [WordPress Trac] #18954: Automatically whitelist screen options added via add_screen_option()
WordPress Trac
noreply at wordpress.org
Wed Aug 12 15:42:03 UTC 2015
#18954: Automatically whitelist screen options added via add_screen_option()
-------------------------+-----------------------------
Reporter: mdawaffe | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
-------------------------+-----------------------------
Comment (by kitchin):
The filter for updating unknown options in misc.php,
`$value = apply_filters( 'set-screen-option', false, $option, $value );`
has a major flaw. It implies plugins should return `false` by default,
rather than `$value`. If more than one plugin is hooking in, they will
wipe out each other's options if they return false on any $option they
don't recognize, which I've seen in several tutorials online.
The filter is followed by:
{{{
if ( false === $value ) return; // ...
update_user_meta($user->ID, $option, $value);
wp_safe_redirect(...);
}}}
Because it's an early hook, plugins have to hook in universally, unless
they parse `$_GET['page']`.
Conflicting goals:
* Do not save unconfirmed data to the db.
* Plugins should pass through data that does not belong to them.
I can write a patch to add a hook if people think it would be accepted:
`$value = apply_filters( "set-screen-option_$option", false, $value );`
Then maybe deprecate the old filter (can we do that before a redirect?),
but in any case let the new filter override it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/18954#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list