[wp-trac] [WordPress Trac] #10041: like_escape() should escape backslashes too
WordPress Trac
wp-trac at lists.automattic.com
Sun Feb 28 03:41:09 UTC 2010
#10041: like_escape() should escape backslashes too
----------------------------------+-----------------------------------------
Reporter: miau_jp | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.0
Component: Formatting | Version: 2.8
Severity: normal | Resolution:
Keywords: early has-unit-tests |
----------------------------------+-----------------------------------------
Comment(by miqrogroove):
Replying to [comment:17 Denis-de-Bernardy]:
> tiny note: I think like_escape() should expect *unslashed* data.
In this situation, the choice to go with slashed or unslashed will have no
security impact. like_escape() has an algorithmic requirement for
unslashed data, therefore it is more conservative to explicitly
stripslashes() within the function. Since it is also the case that all
super global values are slashed by WP at load, it makes no sense to
require most like_escape() calls to be preceded by a call to
stripslashes(). I think the strategy I proposed above holds to that
argument.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10041#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
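
The following is an added example, not part of the original message and not WordPress core code. It shows at the LIKE-pattern level why the escaping step needs unslashed input. The function names, the simplified `like_matches()` model of LIKE with `\` as escape character, and the sample search term are assumptions constructed for illustration.

```php
<?php
// Added illustration. Function names are hypothetical, not WordPress core code.

// Escapes only the LIKE wildcards and leaves backslashes alone.
function like_escape_wildcards_only(string $text): string {
    return str_replace(array('%', '_'), array('\\%', '\\_'), $text);
}

// Escapes backslash, % and _. Expects unslashed input.
function like_escape_with_backslash(string $text): string {
    return addcslashes($text, '_%\\');
}

// Same, but strips slashes first so slashed request data can be passed directly.
function like_escape_from_slashed(string $slashed): string {
    return like_escape_with_backslash(stripslashes($slashed));
}

// Simplified model of LIKE matching with "\" as the escape character
// (assumption: "\x" matches a literal x; collation and SQL quoting are ignored).
function like_matches(string $pattern, string $subject): bool {
    $re = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $re .= preg_quote($pattern[++$i], '/'); // escaped character is literal
        } elseif ($c === '%') {
            $re .= '.*';
        } elseif ($c === '_') {
            $re .= '.';
        } else {
            $re .= preg_quote($c, '/');
        }
    }
    return preg_match('/^' . $re . '$/s', $subject) === 1;
}

$raw     = 'C:\\temp_100%';   // constructed search term, as the user typed it
$slashed = addslashes($raw);  // constructed: the same term after slashing at load

$cases = array(
    'wildcards only, unslashed input'    => like_escape_wildcards_only($raw),
    'with backslash, unslashed input'    => like_escape_with_backslash($raw),
    'with backslash, slashed input'      => like_escape_with_backslash($slashed),
    'stripslashes inside, slashed input' => like_escape_from_slashed($slashed),
);
foreach ($cases as $label => $pattern) {
    printf("%-36s %-22s matches typed term: %s\n", $label, $pattern,
        var_export(like_matches($pattern, $raw), true));
}
```

The output is only a LIKE pattern; it still has to be quoted as an SQL string (for example through `$wpdb->prepare()`) before it reaches a query.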