[wp-trac] [WordPress Trac] #16867: Where is it appropriate to use filter_var
WordPress Trac
noreply at wordpress.org
Thu May 12 18:24:38 UTC 2022
#16867: Where is it appropriate to use filter_var
-------------------------------+-----------------------
Reporter: aaroncampbell | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 3.2
Severity: normal | Resolution:
Keywords: westi-likes close | Focuses:
-------------------------------+-----------------------
Changes (by desrosj):
* keywords: westi-likes => westi-likes close
Comment:
Replying to [comment:17 dd32]:
> - https://github.com/php/php-src/pull/6573 (2021; Where it's only
fixed in PHP8+, although an unlikely code branch to used in WP, or
unlikely to cause issues if so, but a change-in-behaviour between PHP
versions)
I think that this is ultimately going to prevent the use of `filter_var()`
in WordPress. Even if things are stable and secure, the behavior could
potentially be different depending on the version of PHP being used, even
for supported versions like in this example (8.0 and 7.4).
We could determine that the use of certain filters is consistent across
versions today, but there's nothing saying that won't change in the
future. And that would have us trying to backfill the differences
piecemeal, which may end up being more difficult to maintain and harder to
see the full picture in the end.
I personally think this should just be closed out as one of those things
WordPress can't realistically rely on without more consistency upstream,
and a change in the project's PHP version support policy to only support
versions that are actively maintained upstream (security).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16867#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list