[wp-hackers] Re: 2.0.10 and 2.1.3 Release Candidates

Peter Westwood peter.westwood at ftwr.co.uk
Sat Mar 17 14:37:16 GMT 2007


Alex King wrote:
> I'd recommend an additional refactoring to introduce a single 
> 'wp_escape' function, or similar. The function would accept 2 
> parameters, the string and the type of usage (js, attribute, url, etc.). 
> Both params would be required with no default values to force people to 
> use/set the right one.
> 

I disagree.

This leads to one big function which becomes harder to maintain.

> It's not uncommon for folks to look through the source for a function 
> they need and find/use the wrong one because it's the first they run 
> across. A single function would help alleviate that. Of course we'd have 
> to deprecate the old ones over time.
>

This should be addressed by using comments in the code which describe 
what the function is to be used for.

A better solution, in my opinion, is to move all these security-related 
escaping functions to a single file in wp-includes and document them 
well in that file.

I'd be willing to cook up a patch for this if it would be accepted.

westi
-- 
Peter Westwood
http://blog.ftwr.co.uk
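
Added example, not part of the original message and not WordPress code: a PHP sketch that puts the two designs discussed in this thread side by side, with small documented per-context functions and a single dispatcher whose two parameters are both required. All `example_*` names and the context strings are hypothetical; only PHP built-ins are used.

```php
<?php
// Added illustration. The example_* functions are hypothetical, not WordPress APIs.

/** Escape for an HTML attribute value: encodes &, <, > and both quote styles. */
function example_escape_attribute(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Escape for a JavaScript string literal. The result includes the surrounding
 *  double quotes; <, >, &, ' and " are emitted as \uXXXX so the literal is also
 *  safe inside an inline <script> block. */
function example_escape_js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Escape a single URL component (a path segment or a query value). */
function example_escape_url_component(string $s): string {
    return rawurlencode($s);
}

/** Single entry point: both parameters are required, so a call that omits the
 *  context fails with ArgumentCountError, and an unknown context is rejected
 *  instead of silently falling back to some default escaping. */
function example_escape(string $s, string $context): string {
    switch ($context) {
        case 'attribute':
            return example_escape_attribute($s);
        case 'js':
            return example_escape_js($s);
        case 'url':
            return example_escape_url_component($s);
        default:
            throw new InvalidArgumentException("Unknown escaping context: $context");
    }
}

// Constructed sample input: the same string needs different output per context.
$input = 'O\'Reilly & "Sons" <staff>?x=1';
foreach (['attribute', 'js', 'url'] as $context) {
    printf("%-9s %s\n", $context, example_escape($input, $context));
}
```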

