[wp-trac] [WordPress Trac] #44637: Escape strings in wp-admin/themes.php
WordPress Trac
noreply at wordpress.org
Tue Jul 24 20:39:56 UTC 2018
#44637: Escape strings in wp-admin/themes.php
-----------------------------------------+-------------------------------
Reporter: milana_cap | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch reporter-feedback | Focuses: coding-standards
-----------------------------------------+-------------------------------
Comment (by milana_cap):
Hi @SergeyBiryukov,
Thank you for the prompt reply. I understand the "trusted" aspect and I
apologise for re-opening the discussion.
However, being a developer who often looks into core in order to learn
best practice, I find it rather frustrating that examples of good escaping
are missing. And this is not something trivial, this is an important security
matter about which developers have nowhere to learn from. DevHub does
explain things in theory and has a few examples but that doesn't cover
every situation (like a few strings in this file I didn't know how to escape
and couldn't find examples anywhere).
If the best practice for WordPress code is not in WordPress core then
where should it be?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44637#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform