[wp-hackers] Re: 2.0.10 and 2.1.3 Release Candidates
peter.westwood at ftwr.co.uk
Sat Mar 17 14:37:16 GMT 2007
Alex King wrote:
> I'd recommend an additional refactoring to introduce a single
> 'wp_escape' function, or similar. The function would accept 2
> parameters, the string and the type of usage (js, attribute, url, etc.).
> Both params would be required with no default values to force people to
> use/set the right one.
This leads to one big function which becomes harder to maintain.
> It's not uncommon for folks to look through the source for a function
> they need and find/use the wrong one because it's the first the run
> across. A single function would help alleviate that. Of course we'd have
> to deprecate the old ones over time.
This should be addressed by using comments in the code which describe
what the function is to be used for.
A better solution, in my opinion, is to move all these security related
escaping functions to a single file in wp-includes and document them
well in that file.
I'd be willing to cook up a patch for this if it would be accepted.
More information about the wp-hackers