[wp-trac] [WordPress Trac] #10041: like_escape() should escape backslashes too
WordPress Trac
noreply at wordpress.org
Thu May 15 09:51:59 UTC 2014
#10041: like_escape() should escape backslashes too
---------------------------------+-----------------------------
Reporter: miau_jp | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: Future Release
Component: Formatting | Version: 2.8
Severity: normal | Resolution:
Keywords: 4.0-early has-patch | Focuses:
---------------------------------+-----------------------------
Comment (by Denis-de-Bernardy):
Replying to [comment:36 miqrogroove]:
> Replying to [comment:28 Denis-de-Bernardy]:
> > make it clearer that it's not actually escaping anything, but merely
> > quoting LIKE special chars.
>
> I considered this again. Remember, escape is the verb used in SQL, i.e.
>
> (...)
> so yes, we are actually escaping things in this context.
Of course... but the intent of my remark was to avoid the potential for
confusion in a not-so-competent plugin dev's mind. If it's called
esc_like(), it looks like esc_attr() or esc_sql() and the implicit message
is "secure". If we call it quote_like(), it quotes -- without it sending
any kind of implicit message that may give a false sense of security.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10041#comment:37>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
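
The distinction drawn in the comment above, as an added example that is not part of the original message and is not WordPress code. It uses Python with SQLite as assumed stand-ins for PHP and MySQL, and `quote_like()` is a hypothetical helper named after the comment's suggestion: it quotes the LIKE metacharacters (backslash included, per the ticket title) and does nothing else, so SQL string safety still has to come from a bound parameter.

```python
import sqlite3


def quote_like(term: str) -> str:
    """Backslash-quote LIKE metacharacters so they match literally.

    Hypothetical helper. The backslash is handled first, otherwise the
    backslashes added for % and _ would themselves be doubled.
    It does NOT touch quotes: it is not an SQL escaping function.
    """
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def make_db() -> sqlite3.Connection:
    # Constructed sample rows, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (title TEXT)")
    db.executemany(
        "INSERT INTO posts VALUES (?)",
        [("100% cotton",), ("100 percent",), ("C:\\temp",), ("it's_here",)],
    )
    return db


def search(db: sqlite3.Connection, term: str, quote: bool = True) -> list:
    """Substring search; with quote=False the wildcards in term stay live."""
    pattern = "%" + (quote_like(term) if quote else term) + "%"
    # The pattern is passed as a bound parameter: that, not quote_like(),
    # is what keeps a quote character in the term from breaking the query.
    rows = db.execute(
        "SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        (pattern,),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print(search(db, "100%", quote=False))  # wildcard leaks: both rows match
    print(search(db, "100%"))               # literal percent sign only
    print(search(db, "C:\\temp"))           # backslash quoted, matches literally
    print(repr(quote_like("it's_")))        # the single quote is left as-is
```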