[wp-trac] [WordPress Trac] #38035: Clarify function parameters that expect slashed data
WordPress Trac
noreply at wordpress.org
Tue Sep 13 13:23:59 UTC 2016
#38035: Clarify function parameters that expect slashed data
------------------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-docs | Focuses: docs
------------------------------------+------------------------------
Comment (by jdgrimes):
Note that this also bubbles up to many of the higher-level functions in
WordPress that use these lower-level functions. I was working on a
[https://gist.github.com/JDGrimes/7a29ec88d533459345565ae3caabe7d2#file-expectedslashed-php-L45 PHPCS sniff for detecting params that need to be
slashed] a few months ago, but haven't completed it yet due to the sheer
complexity of it all (some functions accept an array of data, of which
only part is expected to be slashed, while part isn't, etc.). Anyway, it
has a few levels of depth in the list of functions to check, but running
it over core would reveal even more, I think.
It is an enormously convoluted slashing situation in core, and I believe
that we need to get a list of the functions that expect slashed data made
up ASAP so that it doesn't continue to get worse as we use a function that
uses a function that uses a function that expects slashing, and nobody
realizes that data passed to that function needs to be slashed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38035#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
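
The failure mode the comment describes, as an added example that is not part of the ticket and not WordPress core code: a value passed through two wrappers reaches a function that unslashes it, and the caller that did not slash first gets corrupted data back. All `example_*` function names are hypothetical, and PHP's own addslashes()/stripslashes() stand in for the slashing helpers.

```php
<?php
// Stand-ins for this example only (hypothetical names, not WordPress core functions).

// Lowest level: documented as "expects slashed data", so it unslashes before storing.
function example_store_value(array &$store, string $key, string $slashed_value): void {
    $store[$key] = stripslashes($slashed_value);
}

// Middle level: passes its argument straight through, so it inherits the expectation.
function example_save_setting(array &$store, string $name, string $value): void {
    example_store_value($store, 'setting_' . $name, $value);
}

// Top level: two hops away from the unslash; nothing in its signature hints at it.
function example_import_settings(array &$store, array $settings): void {
    foreach ($settings as $name => $value) {
        example_save_setting($store, $name, $value);
    }
}

// Constructed sample input: a JSON string whose escapes depend on backslashes.
$raw = json_encode(['path' => 'C:\\temp', 'quote' => 'say "hi"']);

$store = [];
example_import_settings($store, ['unslashed' => $raw]);             // caller did not slash
example_import_settings($store, ['slashed' => addslashes($raw)]);   // caller slashed first

// Compare what was stored against what the caller intended to store.
foreach (['unslashed', 'slashed'] as $name) {
    $stored = $store['setting_' . $name];
    printf(
        "%-9s round-trips: %s, valid JSON: %s\n",
        $name,
        $stored === $raw ? 'yes' : 'no',
        json_decode($stored) !== null ? 'yes' : 'no'
    );
}
```

The unslashed call loses the backslashes that escaped the inner quotes, so the stored string is no longer the caller's value and no longer parses as JSON.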