[wp-trac] [WordPress Trac] #14758: Do not run kses on display filters for front page views
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 1 21:28:32 UTC 2010
#14758: Do not run kses on display filters for front page views
-------------------------+--------------------------------------------------
Reporter: ryan | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.1
Component: Performance | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
Several display filters run wp_kses_data and other heavyweight functions.
These functions are already run when saving. They were added to the
display filters as a defense-in-depth for the possibility of an exploit
sneaking things into the DB. Running these on the display causes a
serious performance hit, however. wp_list_bookmarks() running kses on the
link fields can burn up 10% of the total page load time. Let's limit
running these functions to admin page displays. Displaying bad fields in
the admin is more dangerous since those fields can cover their tracks. We
can lose the belt and suspenders approach for front page displays where
performance is more critical.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14758>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
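
The registration pattern the ticket proposes, as an added sketch that is not WordPress core code or the reporter's patch. It assumes it is loaded inside WordPress (for example from a must-use plugin); the field list is an illustrative subset, and keeping a cheap escaping pass on every request is an assumption of this sketch, not something the ticket states.

```php
<?php
// Added sketch, not WordPress core code. Assumes the WordPress runtime is
// loaded, so add_filter(), is_admin(), wp_filter_kses(), wp_kses_data()
// and esc_html() are available.

// Illustrative subset of the bookmark (link) text fields that
// wp_list_bookmarks() passes through display filters.
$example_link_fields = array( 'link_name', 'link_description' );

foreach ( $example_link_fields as $field ) {
	// Save path: "pre_" filters run before the value is written to the
	// database, so the heavyweight kses pass happens once per write.
	add_filter( 'pre_' . $field, 'wp_filter_kses' );

	// Display path: repeat the kses pass only on admin screens, where the
	// ticket considers a bad stored value most dangerous.
	if ( is_admin() ) {
		add_filter( $field, 'wp_kses_data' );
	}

	// Assumption of this sketch: a cheap entity-escaping pass still runs
	// on every request, front end included, after any kses pass.
	add_filter( $field, 'esc_html', 30 );
}
```

With this layout, a value that reached the database without going through the save filters is still stripped by kses in the admin, but on front page views it is only entity-escaped.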