WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#20569 closed defect (bug) (wontfix)

We need addslashes_deep()

Reported by: alexkingorg Owned by:
Milestone: Priority: normal
Severity: major Version: 3.4
Component: General Keywords: has-patch
Focuses: Cc:

Description

I don't imagine anyone still feels that having update_metadata() call stripslashes_deep() is still the Right Thing to do, but I understand why removing it is basically impossible for backward compatibility reasons.

That said, WordPress as a platform does not currently provide a way for this data to be stored accurately as a meta value:

$data = array(
	'Check me out, I have backslashes \\'
);
update_post_meta($post->ID, 'my_key', $data);

I'm not saying that this is a great deal better from a code purity standpoint:

$data = array(
	'Check me out, I have backslashes \\'
);
update_post_meta($post->ID, 'my_key', addslashes_deep($data));

but it's at least explainable.

Telling people they have to do something like this:

$data = array(
	'Check me out, I have backslashes \\'
);
$slashed_data = array();
foreach ($data as $item) {
	$slashed_data[] = addslashes($item);
}
update_post_meta($post->ID, 'my_key', $slashed_data);

or this:

if (!function_exists('addslashes_deep')) {
/**
 * Navigates through an array and adds slashes to the values.
 *
 * If an array is passed, the array_map() function causes a callback to pass the
 * value back to the function. Slashes will be added to this value.
 *
 * @since 3.4.0? (oh please, oh please, oh please)
 *
 * @param array|string $value The array or string to be slashed.
 * @return array|string Slashed array (or string in the callback).
 */
function addslashes_deep($value) {
	if ( is_array($value) ) {
		$value = array_map('addslashes_deep', $value);
	} elseif ( is_object($value) ) {
		$vars = get_object_vars( $value );
		foreach ($vars as $key=>$data) {
			$value->{$key} = addslashes_deep( $data );
		}
	} else {
		$value = addslashes($value);
	}

	return $value;
}
}

$data = array(
	'Check me out, I have backslashes \\'
);
update_post_meta($post->ID, 'my_key', addslashes_deep($data));

is just indefensible.

FWIW, @rboren created this function as part of a patch a couple of years back (#12402), but it hasn't landed yet. Pretty please can we get just this bit in for 3.4?

Attachments (2)

addslashes-deep.diff (1.1 KB) - added by alexkingorg 7 years ago.
addslashes_deep()
addslashes-phpdoc-warning.diff (1.7 KB) - added by alexkingorg 7 years ago.
phpDoc warnings

Download all attachments as: .zip

Change History (9)

@alexkingorg
7 years ago

addslashes_deep()

#1 @alexkingorg
7 years ago

Whoops, that should have been @ryan, not @rboren - but you knew who I was talking about.

#2 @scribu
7 years ago

Related: #18322

#3 @alexkingorg
7 years ago

I think warnings about this are appropriate (phpDoc patch attached).

@alexkingorg
7 years ago

phpDoc warnings

#4 @nacin
7 years ago

  • Keywords 3.5-early added
  • Milestone changed from Awaiting Review to Future Release

#5 @alexkingorg
7 years ago

addslashes_deep() isn't necessarily needed, add_magic_quotes() does what would be needed. Hopefully will be deemed unnecessary due to #21767

#6 @alexkingorg
6 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Per notes above, this ticket is no longer needed in favor of existing functions and also #21767.

#7 @helen
6 years ago

  • Keywords 3.5-early removed
  • Milestone Future Release deleted
Note: See TracTickets for help on using tickets.