WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#14910 closed defect (bug) (fixed)

Simplify sanitize_key() and use it in more places

Reported by: ryan Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Performance Keywords: has-patch
Focuses: Cc:

Description

sanitize_key() does some unnecessary work that can be eliminated.

sanitize_user() is still being called in places where sanitize_key() should be used and can burn up to a percent of page load time. It is called 26 times for a default install. Using a simplified sanitize_key() instead of sanitize_user() will save a little time.

Attachments (3)

sanitize_key-for-taxonomies.patch (433 bytes) - added by WraithKenny 4 years ago.
Use sanitize_key in register_taxonomy for compatibilty with register_post_type
sanitize_key-for-taxonomies-2.patch (558 bytes) - added by WraithKenny 4 years ago.
Use sanitize_key in register_taxonomy and account for arrays
key-instead-of-user-in-ms-functions.patch (540 bytes) - added by WraithKenny 4 years ago.
Use sanitize_key for wpmu_create_blog in ms-functions

Download all attachments as: .zip

Change History (15)

comment:2 @ryan4 years ago

sanitize_key() could be simplified a little more, but I want to audit how plugins are using it and what kind of strings are being used from post type and status keys.

comment:3 @sboisvert4 years ago

  • Cc sboisvert added

If I may just add to this, I encountered some very unexpected behavior when I started adding actions to sanitize_user since I wasn't aware that it was being used to sanitize the initial post types and many other things and when I added checks to make sure my username's followed a certain convention, all hell broke loose.
I therefore strongly support this. Thank you Ryan.

comment:4 @jane4 years ago

  • Keywords needs-patch added

@ryan: what are your thoughts following the plugin audit? Should decide and patch as needed asap if wanting to do it for 3.1 by freeze.

comment:5 @WraithKenny4 years ago

Does this mean that $post_type in register_post_type() only supports lowercase alpha-numeric names?

comment:6 @WraithKenny4 years ago

To clarify: Plugins that register "preFix_Post_Type" will become "prefixposttype" and break.

comment:7 @WraithKenny4 years ago

Seems setting the correct map_meta_cap value corrected my issues (See #14122), and from what I can tell, the old way disallowed Upper also no problem. (I should of looked at the patch more closely, sorry :)

@WraithKenny4 years ago

Use sanitize_key in register_taxonomy for compatibilty with register_post_type

@WraithKenny4 years ago

Use sanitize_key in register_taxonomy and account for arrays

@WraithKenny4 years ago

Use sanitize_key for wpmu_create_blog in ms-functions

comment:8 @WraithKenny4 years ago

I did a search on sanitize_user, and everything left (17 results) looks like it actually does deal with users.

comment:9 @WraithKenny4 years ago

  • Keywords has-patch added; needs-patch removed

comment:10 @ryan4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

comment:11 @ryan4 years ago

(In [16848]) Go back to sanitize_user() so that dots are allowed. Props ocean90. see #14910

comment:12 @nacin4 years ago

Suggesting we revert the rest of [16822] in #15982.

Note: See TracTickets for help on using tickets.