Changes between Initial Version and Version 1 of Ticket #12416
- Timestamp:
- 02/27/2010 10:05:47 PM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #12416
-
Property
Summary
changed from
*_option() should all expect unslashed data.
to*_option(), *_transient() and *_meta() functions should all expect unslashed data.
-
Property
Summary
changed from
-
Ticket #12416 – Description
initial v1 5 5 It's totally irresponsible to expect plugin authors to escape whatever they send into get_option(). As things stand: 6 6 7 - get_option(), delete_option(), get_site_option() bothassume it's slashed7 - get_option(), delete_option(), get_site_option() assume it's slashed 8 8 - add_option(), update_option(), add_site_option() seem to assume it's unslashed, as does __get_option() 9 9 - *_transient() seem to expect unslashed input. … … 11 11 - update_site_option() is equallty special: it needs slashed input if the option is not loaded already, and unslashed input if it is 12 12 13 the list goes on, and on... these inconsistencies, which come on top of the *_meta() functions, are totally nuts and insecure.13 the list goes on, and on... these inconsistencies, which come on top of the *_meta() functions, which expect slashed data. 14 14 15 especially considering calls in WP such as:15 it's totally nuts, insecure, and irresponsible. especially considering calls in WP such as: 16 16 17 17 - get_option("{$size}_crop"); … … 31 31 // ... 32 32 }}} 33 34 we're asking for trouble here...