Opened 8 years ago
Closed 6 years ago
#38035 closed defect (bug) (duplicate)
Clarify function parameters that expect slashed data
Reported by: | johnbillion | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | needs-patch needs-docs close |
Focuses: | docs | Cc: |
Description
The following functions expect slashed data to be passed to at least one of their parameters.
A note should be added to each affected @param
doc stating that the parameter expects slashed data, in addition to any mention of slashed data in the function description.
wp_(insert|update)_(post|user)
(add|update|delete)_(post|term|user|comment)_meta
(add|update|delete)_metadata
There's most likely a bunch more affected functions.
Change History (6)
#2
@
8 years ago
Note that this also bubbles up to many of the higher-level functions in WordPress that use these lower-level functions. I was working on a PHPCS sniff for detecting params that need to be slashed a few months ago, but haven't completed it yet due to the sheer complexity of it all (some functions accept an array of data, of which only part is expected to be slashed, while part isn't, etc.). Anyway, it has a few levels of depth in the list of functions to check, but running it over core would reveal even more, I think.
It is an enormously convoluted slashing situation in core, and I believe that we need to get a list of the functions that expect slashed data made up ASAP so that it doesn't continue to get worse as we use a function that uses a function that uses a function that expects slashing, and nobody realizes that data based to that function needs to be slashed.
Based on the phpDoc standard, maybe we could do a tag specialisation for
@param
? Something like: