[wp-trac] [WordPress Trac] #16867: Where is it appropriate to use filter_var

WordPress Trac noreply at wordpress.org
Thu May 12 18:24:38 UTC 2022

#16867: Where is it appropriate to use filter_var
 Reporter:  aaroncampbell      |       Owner:  (none)
     Type:  enhancement        |      Status:  reopened
 Priority:  normal             |   Milestone:
Component:  General            |     Version:  3.2
 Severity:  normal             |  Resolution:
 Keywords:  westi-likes close  |     Focuses:
Changes (by desrosj):

 * keywords:  westi-likes => westi-likes close


 Replying to [comment:17 dd32]:
 >  - https://github.com/php/php-src/pull/6573  (2021; Where it's only
 fixed in PHP8+, although an unlikely code branch to used in WP, or
 unlikely to cause issues if so, but a change-in-behaviour between PHP

 I think that this is ultimately going to prevent the use of `filter_var()`
 in WordPress. Even if things are stable and secure, the behavior could
 potentially be different depending on the version of PHP being used, even
 for supported versions like in this example (8.0 and 7.4).

 We could determine that the use of certain filters is consistent across
 versions today, but there's nothing saying that won't change in the
 future. And that would have us trying to backfill the differences
 piecemeal, which may end up being more difficult to maintain and harder to
 see the full picture in the end.

 I personally think this should just be closed out as one of those things
 WordPress can't realistically rely on without more consistency upstream,
 and a change in the project's PHP version support policy to only support
 versions that are actively maintained upstream (security).

Ticket URL: <https://core.trac.wordpress.org/ticket/16867#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list