Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #21989, comment 34


Timestamp: 11/29/2022 03:49:20 AM (19 months ago)
Author: costdev

  • Ticket #21989, comment 34

    initial v1  
    33Why?
    44
    5 - Anyone can run `sanitize_option()` or `apply_filters( "sanitize_option_{$option}" )` before accidentally passing an unsanitized value to `add_option()/update_option()`. If sanitization in `add_option()` were to rely on whether `"sanitize_option_{$option}"` ran, it would proceed to add the unsafe value to the database.
     5- Anyone can run `sanitize_option()` or `apply_filters( "sanitize_option_{$option}" )` before accidentally passing an unsanitized value to `add_option()`. If sanitization in `add_option()` were to rely on whether `"sanitize_option_{$option}"` ran, it would proceed to add the unsafe value to the database.
    66- The same applies to any filter/action hook in `update_option()` as well.
    77- In short, it's possible to accidentally skip sanitizing if relying on whether a filter has run.