[wp-trac] [WordPress Trac] #27583: Move color sanitize function to wp-includes/formatting.php

WordPress Trac noreply at wordpress.org
Wed Jul 9 18:38:06 UTC 2014


#27583: Move color sanitize function to wp-includes/formatting.php
-----------------------------------+-----------------------------
 Reporter:  tollmanz               |       Owner:
     Type:  enhancement            |      Status:  new
 Priority:  normal                 |   Milestone:  Future Release
Component:  Formatting             |     Version:  3.4
 Severity:  normal                 |  Resolution:
 Keywords:  has-patch 2nd-opinion  |     Focuses:  template
-----------------------------------+-----------------------------
Changes (by nacin):

 * milestone:  4.0 => Future Release


Comment:

 [attachment:27583.2.diff] looks good, but I still wonder about the name
 sanitize_hex_color(). It doesn't do sanitization. It does validation.
 Maybe I'm being overly pedantic, but what I think I would want to do is
 introduce validate_hex_color(), which returns either the hex color or
 false; have sanitize_hex_color() wrap it and probably deprecate that
 function; don't add an is_hex_color() as that's just a boolean cast of
 validate_hex_color(); keep sanitize_hex_color_no_hash() and
 maybe_hash_hex_color() where it is.

 sanitize_hex_color_no_hash() and maybe_hash_hex_color() both do actually
 do what their names describe. That's a bit of a stretch for
 sanitize_hex_color_no_hash(), but it *does* remove a hash as appropriate.

 Or we can just treat "sanitization" in this case as validation with a
 twist — rather than confirming whether it is OK, it will go ahead and
 return for you a "sanitized" color, and if it finds stuff it can't
 sanitize (as in, anything but that), it returns false. But that sounds
 like validation.

 Since this function is so trivial (validating a hex color is tremendously
 easy; it's a single regex that will never need to be updated) I don't feel
 too bad about keeping this away from theme developers for a bit longer.
 Moving out of 4.0 for now as it is an enhancement. It could come back in
 easily with a consensus. If everyone disagrees with me or has good reason
 to think that WP has plenty of similar 'sanitize'-named functions that
 don't actually do that, etc., I'm easily sway-able.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27583#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
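
An added example, not part of the original message and not WordPress core code: a sketch of the split the comment proposes, with a validator that returns the color or false, a boolean check that is only a cast of it, and the two helpers that actually alter their input. The example_ function names and the sample inputs are hypothetical.

```php
<?php
// Added sketch; the example_ names are hypothetical, not WordPress core.

// Validation: return the input unchanged if it is '#' plus 3 or 6 hex
// digits, else false. \A and \z anchor the whole string, so a trailing
// newline (which a bare '$' would tolerate) is rejected.
function example_validate_hex_color( $color ) {
	if ( is_string( $color )
		&& preg_match( '/\A#(?:[A-Fa-f0-9]{3}){1,2}\z/', $color ) ) {
		return $color;
	}
	return false;
}

// Closer to sanitization: the value is altered (leading '#' characters
// are stripped) before the same check is applied.
function example_hex_color_no_hash( $color ) {
	if ( ! is_string( $color ) ) {
		return false;
	}
	$bare = ltrim( $color, '#' );
	return example_validate_hex_color( '#' . $bare ) ? $bare : false;
}

// Adds the hash when the value is a valid bare color; otherwise the
// input is handed back untouched for the caller to validate.
function example_maybe_hash_hex_color( $color ) {
	$bare = example_hex_color_no_hash( $color );
	return false !== $bare ? '#' . $bare : $color;
}

// Constructed sample inputs, including values that must be rejected.
$samples = array( '#fff', '#A1b2C3', 'fff', '#ffff', "#fff\n", '#fff;color:red', array() );
foreach ( $samples as $s ) {
	printf(
		"%-18s validate=%-10s is=%-6s no_hash=%-10s maybe_hash=%s\n",
		json_encode( $s ),
		var_export( example_validate_hex_color( $s ), true ),
		var_export( (bool) example_validate_hex_color( $s ), true ),
		var_export( example_hex_color_no_hash( $s ), true ),
		json_encode( example_maybe_hash_hex_color( $s ) )
	);
}
```

Compare against false with a strict check (`false !== ...`) when consuming the validator, and treat the return value of the maybe-hash helper as still unvalidated.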