Changes between Initial Version and Version 1 of Ticket #21989, comment 34
Timestamp: 11/29/2022 03:49:20 AM (2 years ago)
Ticket #21989, comment 34
| initial | v1 | Text |
|---|---|---|
| 3 | 3 | Why? |
| 4 | 4 | |
| 5 | | - Anyone can run `sanitize_option()` or `apply_filters( "sanitize_option_{$option}" )` before accidentally passing an unsanitized value to `add_option() /update_option()`. If sanitization in `add_option()` were to rely on whether `"sanitize_option_{$option}"` ran, it would proceed to add the unsafe value to the database. |
| | 5 | - Anyone can run `sanitize_option()` or `apply_filters( "sanitize_option_{$option}" )` before accidentally passing an unsanitized value to `add_option()`. If sanitization in `add_option()` were to rely on whether `"sanitize_option_{$option}"` ran, it would proceed to add the unsafe value to the database. |
| 6 | 6 | - The same applies to any filter/action hook in `update_option()` as well. |
| 7 | 7 | - In short, it's possible to accidentally skip sanitizing if relying on whether a filter has run. |
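The failure mode described in the comment, as an added example that is not part of the ticket and not WordPress core code: a "has this filter run?" flag records that some value was filtered earlier in the request, not that the value now being stored was. The hook system below is a minimal stand-in, every `demo_*` name and the `demo_title` option are hypothetical, and the sample input is constructed.

```php
<?php
// Minimal stand-in for a hook system; all demo_* names are hypothetical.
$filters = [];   // hook name => list of callbacks
$ran     = [];   // hook name => number of times the filter has been applied
$db      = [];   // stands in for the options table

function demo_add_filter(string $hook, callable $cb): void {
    global $filters;
    $filters[$hook][] = $cb;
}

function demo_apply_filters(string $hook, $value) {
    global $filters, $ran;
    $ran[$hook] = ($ran[$hook] ?? 0) + 1;
    foreach ($filters[$hook] ?? [] as $cb) {
        $value = $cb($value);
    }
    return $value;
}

// Unsafe design: skip sanitizing when the filter has already run in this request.
function demo_add_option_trusting_flag(string $option, $value): void {
    global $ran, $db;
    if (empty($ran["sanitize_option_{$option}"])) {
        $value = demo_apply_filters("sanitize_option_{$option}", $value);
    }
    $db[$option] = $value; // the flag says nothing about *this* value
}

// Safe design: sanitize the value actually being stored, on every call.
function demo_add_option_always_sanitize(string $option, $value): void {
    global $db;
    $db[$option] = demo_apply_filters("sanitize_option_{$option}", $value);
}

demo_add_filter('sanitize_option_demo_title', 'strip_tags');

$raw   = '<b>Hello</b>';                                         // constructed sample input
$clean = demo_apply_filters('sanitize_option_demo_title', $raw); // caller sanitizes a copy

// The caller passes $raw instead of $clean by mistake; the filter has run, so sanitizing is skipped.
demo_add_option_trusting_flag('demo_title', $raw);
echo 'flag-based:      ', $db['demo_title'], PHP_EOL;

// Same mistake, but the stored value is filtered regardless of earlier calls.
demo_add_option_always_sanitize('demo_title', $raw);
echo 'always sanitize: ', $db['demo_title'], PHP_EOL;
```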