Changes between Initial Version and Version 1 of Ticket #62619, comment 12
- Timestamp:
- 03/02/2025 07:18:02 PM (11 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #62619, comment 12
initial v1 14 14 15 15 Yea, perhaps another solution (apart from deprecation) can be found. However the use of `wp_kses_post()` in `wp_admin_notice()` is not inline with any WP conventions as it doesn't really provide anything useful. It does not provide adequate security for untrusted content. On top of that it is "dead code"/unneeded overhead in nearly all cases as the user warnings/messages text is hard-coded. 16 17 Edit: the "other solution" can probably be to introduce `wp_admin_notice_unfiltered()` then change `wp_admin_notice()` to use it. Something like: 18 {{{ 19 function wp_admin_notice( $message, $args = array() ) { 20 do_action( 'wp_admin_notice', $message, $args ); 21 22 $message = wp_kses_post( $message ); 23 24 return wp_admin_notice_unfiltered( $message, $args ); 25 } 26 27 function wp_admin_notice_unfiltered( $message, $args = array() ) { 28 do_action( 'wp_admin_notice_unfiltered', $message, $args ); 29 30 echo wp_get_admin_notice( $message, $args ); 31 } 32 }}}