[wp-hackers] add_magic_quotes() Plans for removal?
Rob Miller
rob at bigfish.co.uk
Mon Mar 7 15:54:42 UTC 2011
On 7 Mar 2011, at 15:51, Chip Bennett wrote:
> Are core decisions normally made based on how they will impact Plugins -
> Plugins which are *not maintained by core*?
>
> I don't have a particular preference on this issue; I just found your
> response to be both interesting, and unexpected.
>
> I hope - and assume - that the core team generally make decisions based
> primarily on what is best for the core project, and for the community as a
> whole. Generally speaking, I would likewise assume that Plugin developers
> are expected to make appropriate modifications when core makes a change such
> as the one discussed below.
>
> (And isn't implementation of such changes exactly why the
> function-deprecation process exists?)
>
> Chip
When the change will potentially render thousands upon thousands of blogs vulnerable to SQL injection — a change for which WordPress would rightfully be blamed — it seems a pertinent consideration. Pandora's box is open; plugins in the wild, perhaps unmaintained for years but still nevertheless in use, are relying upon the slashes WordPress adds for security. There's not really much to be done.
Rob
More information about the wp-hackers
mailing list