[wp-trac] [WordPress Trac] #57133: $type should be escaping in 'user-new.php'

WordPress Trac noreply at wordpress.org
Fri Nov 18 02:04:01 UTC 2022


#57133: $type should be escaping in 'user-new.php'
---------------------------+-----------------------------------------------
 Reporter:  monzuralam     |       Owner:  SergeyBiryukov
     Type:  defect (bug)   |      Status:  accepted
 Priority:  normal         |   Milestone:  6.2
Component:  Users          |     Version:  trunk
 Severity:  normal         |  Resolution:
 Keywords:  has-patch      |     Focuses:  administration, coding-standards
  2nd-opinion              |
---------------------------+-----------------------------------------------
Changes (by SergeyBiryukov):

 * owner:  (none) => SergeyBiryukov
 * status:  new => accepted
 * milestone:  Awaiting Review => 6.2


Comment:

 Replying to [comment:6 rudlinkon]:
 > but why was the string escaped here in [51820]?

 As noted above, this was recently reconsidered for newer bundled themes,
 see comment:5:ticket:54127. This commit was done on that ticket.

 Replying to [comment:7 peterwilsoncc]:
 > My inclination is to add the escaping as a defensive coding measure.
 >
 > While the variables are set to values that do not require escaping
 > currently, this may change in the future so it would be good to protect
 > core contributors from their future selves.
 >
 > My personal approach is to escape anything that is a variable

 Thanks! This does seem like a sensible approach and resolves the second
 thoughts I had after my comment.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57133#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

