#20569 closed defect (bug) (wontfix)
We need addslashes_deep()
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | major | Version: | 3.4 |
| Component: | General | Keywords: | has-patch |
| Focuses: | Cc: |
Description
I don't imagine anyone still feels that having update_metadata() call stripslashes_deep() is still the Right Thing to do, but I understand why removing it is basically impossible for backward compatibility reasons.
That said, WordPress as a platform does not currently provide a way for this data to be stored accurately as a meta value:
$data = array( 'Check me out, I have backslashes \\' ); update_post_meta($post->ID, 'my_key', $data);
I'm not saying that this is a great deal better from a code purity standpoint:
$data = array( 'Check me out, I have backslashes \\' ); update_post_meta($post->ID, 'my_key', addslashes_deep($data));
but it's at least explainable.
Telling people they have to do something like this:
$data = array(
'Check me out, I have backslashes \\'
);
$slashed_data = array();
foreach ($data as $item) {
$slashed_data[] = addslashes($item);
}
update_post_meta($post->ID, 'my_key', $slashed_data);
or this:
if (!function_exists('addslashes_deep')) {
/**
* Navigates through an array and adds slashes to the values.
*
* If an array is passed, the array_map() function causes a callback to pass the
* value back to the function. Slashes will be added to this value.
*
* @since 3.4.0? (oh please, oh please, oh please)
*
* @param array|string $value The array or string to be slashed.
* @return array|string Slashed array (or string in the callback).
*/
function addslashes_deep($value) {
if ( is_array($value) ) {
$value = array_map('addslashes_deep', $value);
} elseif ( is_object($value) ) {
$vars = get_object_vars( $value );
foreach ($vars as $key=>$data) {
$value->{$key} = addslashes_deep( $data );
}
} else {
$value = addslashes($value);
}
return $value;
}
}
$data = array(
'Check me out, I have backslashes \\'
);
update_post_meta($post->ID, 'my_key', addslashes_deep($data));
is just indefensible.
FWIW, @rboren created this function as part of a patch a couple of years back (#12402), but it hasn't landed yet. Pretty please can we get just this bit in for 3.4?
Attachments (2)
Change History (9)
#1
@
13 years ago
Whoops, that should have been @ryan, not @rboren - but you knew who I was talking about.
#5
@
13 years ago
addslashes_deep() isn't necessarily needed, add_magic_quotes() does what would be needed. Hopefully will be deemed unnecessary due to #21767
addslashes_deep()