[wp-trac] [WordPress Trac] #16849: Add a filter for $overrides in wp_handle_upload()
WordPress Trac
noreply at wordpress.org
Thu Sep 5 02:23:42 UTC 2013
#16849: Add a filter for $overrides in wp_handle_upload()
----------------------------------------+------------------
Reporter: iandunn | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.7
Component: Plugins | Version: 3.1
Severity: minor | Resolution:
Keywords: has-patch commit 3.6-early |
----------------------------------------+------------------
Comment (by nacin):
We really, really need to change how this works. Deliberately allowing
people to specify variables so we can EXTR_OVERWRITE them is a recipe for
disaster — or at least, in this case, inflexibility. This function really
scares me because it can encourage bad or insecure code. That, and it
doesn't follow a design pattern we use almost everywhere else.
Is this something we can convert to a more standard $defaults and
wp_parse_args() situation? Then we can do an apply_filters() on that,
followed by extract() with EXTR_SKIP.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16849#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list