[wp-trac] [WordPress Trac] #40825: Re-addressing validation/sanitization of IDs to allow filtering before WP_Post (and others) database query
WordPress Trac
noreply at wordpress.org
Mon May 22 00:12:42 UTC 2017
#40825: Re-addressing validation/sanitization of IDs to allow filtering before
WP_Post (and others) database query
-------------------------------+------------------------------------
Reporter: LindsayBSC | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: 4.7.5
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses: template, performance
-------------------------------+------------------------------------
Comment (by peterwilsoncc):
I've chatted a bit about this to @LindsayBSC in Slack.

A unified approach to object ID validation appeals to me a great deal.
There has been a lot of discussion about integers, BIG INTs and
PHP_INT_MAX recently that highlights the need for something consistent
that works across the board.

I have hit a situation where certain post types are hosted remotely with
non-numeric IDs, so can see a use case for the filter. I have significant
concerns about the security implications here as it would only take a
small typo to create big problems. Core would need to defend against this.
I'd like to see some thought into this defence.

tl;dr: +1 on a validation function, in two minds about including the
filter.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40825#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform