[wp-trac] [WordPress Trac] #57686: Introduce wp_trigger_error() to compliment _doing_it_wrong()
WordPress Trac
noreply at wordpress.org
Wed Sep 13 19:21:12 UTC 2023
#57686: Introduce wp_trigger_error() to compliment _doing_it_wrong()
-------------------------------------------------+-------------------------
Reporter: azaozz | Owner:
| hellofromTonya
Type: enhancement | Status: assigned
Priority: normal | Milestone: 6.4
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-dev-note has-patch has-unit- | Focuses:
tests commit |
-------------------------------------------------+-------------------------
Comment (by azaozz):
Replying to [comment:48 hellofromTonya]:
> These functions (`_doing_it_wrong()`, `wp_trigger_error()`,
`_deprecated_*()`) are developer and debugging tools. The message is not
displayed anywhere unless `WP_DEBUG` is turned on.
Yep, thinking the same. These strings/messages are targeted at developers
and are not (should not ever be) displayed in production. If they were
targeted at users/for use in production I think they should have been
escaped and made "safe" by all means. However thinking it would probably
be enough to document the fact that these functions expect HTML
safe/escaped strings as they generally fall under "developer tools" rather
than "production code".
At the same time thinking that @costdev's approach
[https://core.trac.wordpress.org/ticket/57686?replyto=48#comment:47 above]
makes sense too. Probably would be good to have another (hardening) ticket
for it so it covers all similar cases.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57686#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list