Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#41812 closed enhancement (invalid)

Admin options affected by theme's functions.php settings

Reported by: logixtree's profile LogixTree Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8.1
Component: Options, Meta APIs Keywords:
Focuses: Cc:

Description

Hello guys,

Today, I was working on issue in admin general options. After following trails of files, started from wp-admin. I reached at theme's functions.php where Developer was adjusting $_POST for his own mean. Isn't it should be separate from the theme's changes. Because these are related to core functionality.

What he was doing is removing the magic quotes with following function and using it multiple times under the more trailing files.

function wope_remove_wp_magic_quotes(){
    $_POST      = array_map( 'stripslashes_deep', $_POST );
    $_GET       = array_map( 'stripslashes_deep', $_GET );
    $_COOKIE    = array_map( 'stripslashes_deep', $_COOKIE );
    $_REQUEST   = array_map( 'stripslashes_deep', $_REQUEST );
}

wope_remove_wp_magic_quotes();

Wordpress adding magic_quotes at wp-settings.php and this guys doing opposite. I know it's theme fault but wordpress core options affected by theme. It should not be the case.

Regards,
Team LogixTree

Change History (1)

#1 @swissspidy
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Well, a theme can do anything a plugin can. They can hook into whatever parts of WordPress they want. There's not really a way to prevent this. It's the developer's fault/choice to do things like this.

Note: See TracTickets for help on using tickets.