[wp-trac] [WordPress Trac] #13317: Code Impriovement in get_userdata
WordPress Trac
wp-trac at lists.automattic.com
Thu May 13 18:53:30 UTC 2010
#13317: Code Impriovement in get_userdata
------------------------------------+---------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.0
Component: Security | Version:
Severity: major | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+---------------------------------------
Comment(by nacin):
> The Absint() function should be put on the deprecated list and replaced
with a single function call
We use absint() everywhere -- it's a well-known shortcut for plugin
developers that does `abs( intval( $val ) )`, or alternatively `abs( (int)
$val )`. It's not going anywhere. We didn't need the test cases to prove
that they're the same :-)
> What I'm meaning is that get_userdata(garbage) should not return an
admin user on 99% of sites. It should fail and return false, zero,
whatever.
Garbage will almost always evaluate to false on absint(), which will mean
get_userdata will return false. I'm still missing the point.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13317#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list