Changeset 61590

Timestamp:

02/04/2026 06:51:51 PM (3 months ago)

Author:

westonruter

Message:

Formatting: Deprecate the addslashes_gpc() function.

This deprecates addslashes_gpc() in favor of wp_slash(), as the former is just a wrapper for the latter. The three remaining uses of addslashes_gpc() (in WP_Query) have been replaced with wp_slash(). Unit tests are added to verify that they have the same behavior.

Developed in ​https://github.com/WordPress/wordpress-develop/pull/10771

Follow-up to [23591], [23555].

Props rutviksavsani, audrasjb, westonruter, mindctrl, johnbillion.
See #21767.
Fixes #64539.

Location:

trunk

Files:

• src/wp-includes/class-wp-query.php (modified) (3 diffs)
• src/wp-includes/deprecated.php (modified) (2 diffs)
• src/wp-includes/formatting.php (modified) (1 diff)
• tests/phpunit/tests/formatting/wpSlash.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-query.php

@@ -2387 +2387 @@
 
         if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
-            $query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
+            $query_vars['author'] = wp_slash( '' . urldecode( $query_vars['author'] ) );
             $authors              = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
             sort( $authors );
@@ -2506 +2506 @@
             if ( is_array( $query_vars['orderby'] ) ) {
                 foreach ( $query_vars['orderby'] as $_orderby => $order ) {
-                    $orderby = addslashes_gpc( urldecode( $_orderby ) );
+                    $orderby = wp_slash( urldecode( $_orderby ) );
                     $parsed  = $this->parse_orderby( $orderby );
 
@@ -2519 +2519 @@
             } else {
                 $query_vars['orderby'] = urldecode( $query_vars['orderby'] );
-                $query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
+                $query_vars['orderby'] = wp_slash( $query_vars['orderby'] );
 
                 foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {

trunk/src/wp-includes/deprecated.php

@@ -6482 +6482 @@
 
 /**
+ * Adds slashes to a string or recursively adds slashes to strings within an array.
+ *
+ * This function is just a wrapper for `wp_slash()`. It was originally related to
+ * magic quotes functionality which was deprecated in PHP 5.3.0 and removed in PHP 5.4.0.
+ *
+ * @since 0.71
+ * @deprecated 7.0.0 Use wp_slash() instead.
+ * @see wp_slash()
+ *
+ * @param string|array $gpc String or array of data to slash.
+ * @return string|array Slashed `$gpc`.
+ */
+function addslashes_gpc( $gpc ) {
+    _deprecated_function( __FUNCTION__, '7.0.0', 'wp_slash()' );
+    return wp_slash( $gpc );
+}
+
+/**
  * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
  *
@@ -6509 +6527 @@
     return $attributes_string;
 }
-

trunk/src/wp-includes/formatting.php

@@ -2839 +2839 @@
 
 /**
- * Adds slashes to a string or recursively adds slashes to strings within an array.
- *
- * @since 0.71
- *
- * @param string|array $gpc String or array of data to slash.
- * @return string|array Slashed `$gpc`.
- */
-function addslashes_gpc( $gpc ) {
-    return wp_slash( $gpc );
-}
-
-/**
  * Navigates through an array, object, or scalar, and removes slashes from the values.
  *

trunk/tests/phpunit/tests/formatting/wpSlash.php

@@ -102 +102 @@
         $this->assertSame( array( $new ), wp_slash( array( $old ) ) ); // Non-keyed.
     }
+
+    /**
+     * Tests that addslashes_gpc() returns the same result as wp_slash() for strings.
+     *
+     * @ticket 64539
+     * @covers ::addslashes_gpc
+     * @expectedDeprecated addslashes_gpc
+     */
+    public function test_addslashes_gpc_matches_wp_slash_for_strings() {
+        $input = "String with 'quotes' and \"double quotes\"";
+        $this->assertSame( wp_slash( $input ), addslashes_gpc( $input ) );
+    }
+
+    /**
+     * Tests that addslashes_gpc() returns the same result as wp_slash() for arrays.
+     *
+     * @ticket 64539
+     * @covers ::addslashes_gpc
+     * @expectedDeprecated addslashes_gpc
+     */
+    public function test_addslashes_gpc_matches_wp_slash_for_arrays() {
+        $input = array(
+            'field1' => "Value with 'apostrophe'",
+            'field2' => 'Value with "quotes"',
+            'field3' => 'user@example.com',
+            'nested' => array(
+                'key1' => 'Nested value with \\ backslash',
+                'key2' => array( 'deeply', 'nested', 'array' ),
+            ),
+        );
+
+        $this->assertSame( wp_slash( $input ), addslashes_gpc( $input ) );
+    }
 }