[wp-trac] [WordPress Trac] #32257: Patch: add support for multi-line textarea sanitization

WordPress Trac noreply at wordpress.org
Tue May 5 20:15:37 UTC 2015


#32257: Patch: add support for multi-line textarea sanitization
-------------------------+------------------------------
 Reporter:  ottok        |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+------------------------------

Comment (by ottok):

 Replying to [comment:3 iandunn]:

 All of the code I added follows the WP coding standards rules on
 whitespace, but I now also styled some of the code inherited from the old
 function. I can format the whole sanitize_text_field() if you think
 the current new patch isn't enough.

 (GitHub has a very good visual diff:
 https://github.com/WordPress/WordPress/compare/master...ottok:feature-sanitize-textarea-field
 that shows what spaces were added to what line)

 I understand the self-explanatory flag rule, but in this case I think it
 decreases readability and anyways the rest of the same file uses quite a
 lot of true/false flags, and the names of the variables are long enough to
 make those cases easy to read and understand:
 {{{
 $ grep -E '^function (.*)=' wp-includes/formatting.php
 function wptexturize($text, $reset = false) {
 function wpautop($pee, $br = true) {
 function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
 function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
 function wp_check_invalid_utf8( $string, $strip = false ) {
 function utf8_uri_encode( $utf8_string, $length = 0 ) {
 function sanitize_user( $username, $strict = false ) {
 function sanitize_title( $title, $fallback_title = '', $context = 'save' ) {
 function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
 function sanitize_html_class( $class, $fallback = '' ) {
 function convert_chars($content, $deprecated = '') {
 function balanceTags( $text, $force = false ) {
 function format_to_edit( $content, $richedit = false ) {
 function antispambot( $email_address, $hex_encoding = 0 ) {
 function is_email( $email, $deprecated = false ) {
 function get_gmt_from_date( $string, $format = 'Y-m-d H:i:s' ) {
 function get_date_from_gmt( $string, $format = 'Y-m-d H:i:s' ) {
 function iso8601_to_datetime($date_string, $timezone = 'user') {
 function human_time_diff( $from, $to = '' ) {
 function wp_trim_excerpt($text = '') {
 function wp_trim_words( $text, $num_words = 55, $more = null ) {
 function esc_url( $url, $protocols = null, $_context = 'display' ) {
 function esc_url_raw( $url, $protocols = null ) {
 function wp_html_excerpt( $str, $count, $more = null ) {
 function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
 function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
 function wp_strip_all_tags($string, $remove_breaks = false) {
 function sanitize_text_field( $str, $remove_newlines = true ) {
 function wp_basename( $path, $suffix = '' ) {
 }}}

 However, since you took the time to review my code I wanted to humor you
 and changed it to use a verbose flag :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32257#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

