WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17089 closed enhancement (wontfix)

Documentation for "Escaped with Slashes"

Reported by: WraithKenny Owned by:
Milestone: Priority: normal
Severity: trivial Version: 3.1
Component: Inline Docs Keywords:
Focuses: Cc:

Description

Documentation should be updated for wp_filter_kses, and wp_filter_post_kses to mention:

"Escaped with Slashes" is usually expected because wp_magic_quotes escapes $_GET, $_POST, $_COOKIE, $_SERVER, and $_REQUEST early (in the hook system, shortly after 'plugins_loaded' but earlier then 'init' or 'wp_loaded').

It might save a new developer much headache when attempting to choose and use sanitation functions.

Change History (3)

comment:1 scribu3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I don't see why you would add that explanation specifically to those functions.

There are plenty other functions that use similar terminology: "expected slashed".

You take it as it is: it means that it will call stripslashes(). It doesn't and shouldn't care why the data that it's getting is slashed in the first place.

Last edited 3 years ago by scribu (previous) (diff)

comment:2 WraithKenny3 years ago

  • Keywords 2nd-opinion removed

Doesn't matter to me anymore as I've learned the lesson, but some devs new to WordPress may be unaware of wp_magic_quotes and not understand which function to use when attempting to secure their plugins. My thought was to make data sanitation easier, and Plugin work more accessible to n00bs like me.

I did update codex so I suppose that's enough.

comment:3 scribu3 years ago

That's great. :)

Inline docs aren't really the best place for lengthy explanations and tutorials.

Note: See TracTickets for help on using tickets.