[wp-trac] [WordPress Trac] #63727: A new function to sanitize an array
WordPress Trac
noreply at wordpress.org
Tue Jul 22 19:31:57 UTC 2025
#63727: A new function to sanitize an array
-------------------------------------------------+-------------------------
Reporter: davidperez | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests 2nd-opinion | Focuses:
-------------------------------------------------+-------------------------
Comment (by SirLouen):
Replying to [ticket:63727 davidperez]:
> In the Plugins Team, when we review plugins, there is a custom function
> that many authors use in their development called recursively_sanitize. It
> iterates through each value, detects the data type, and executes the
> sanitization function that best fits the data.

You probably know best, but I wonder if other types, apart from
arrays, are also being recursively sanitized on those functions.

Replying to [comment:6 jorbin]:
> I took a look at
> [https://github.com/woocommerce/woocommerce/blob/0e996a7ba449ee44282dd46174556cfa0cd270ed/plugins/woocommerce/includes/wc-formatting-functions.php#L401-L407 wc_clean],
> and it seems to just be calling `sanitize_text_field` on all scalar
> variables or itself on arrays. How is this "the sanitization function
> that best fits the data"?

It appears that checking for scalar is just the weird way they choose for
sanitizing strings. But I also think that the idea itself is decent, just
with some little added tweaks to broaden the scope.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63727#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
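
The pattern discussed in this comment, as an added example that is not part of the original message or of WordPress/WooCommerce code: the first function text-sanitizes every scalar and recurses on arrays, so integers, floats and booleans come back as strings; the second is a hypothetical type-aware variant. The function names, the constructed sample input and the simplified sanitize_text_field() stand-in (defined only when running outside WordPress) are assumptions.

```php
<?php
// Simplified stand-in so this runs outside WordPress (assumption).
// The real sanitize_text_field() does more, e.g. UTF-8 validation.
if ( ! function_exists( 'sanitize_text_field' ) ) {
	function sanitize_text_field( $str ) {
		return trim( preg_replace( '/\s+/', ' ', strip_tags( (string) $str ) ) );
	}
}

// Pattern described in the thread: text-sanitize every scalar, recurse on
// arrays. Hypothetical name. Keys are untouched, non-scalars pass through.
function example_sanitize_scalars_as_text( $value ) {
	if ( is_array( $value ) ) {
		return array_map( 'example_sanitize_scalars_as_text', $value );
	}
	return is_scalar( $value ) ? sanitize_text_field( $value ) : $value;
}

// Hypothetical type-aware variant: int/float/bool keep their type, strings
// are text-sanitized, string keys are sanitized, anything else becomes null.
function example_sanitize_by_type( $value ) {
	if ( is_array( $value ) ) {
		$clean = array();
		foreach ( $value as $key => $item ) {
			$key           = is_string( $key ) ? sanitize_text_field( $key ) : $key;
			$clean[ $key ] = example_sanitize_by_type( $item );
		}
		return $clean;
	}
	if ( is_int( $value ) || is_float( $value ) || is_bool( $value ) ) {
		return $value;
	}
	return is_string( $value ) ? sanitize_text_field( $value ) : null;
}

// Constructed sample input mixing the types a request payload can carry.
$input = array(
	'title'    => " <b>Hello</b>\n world ",
	'qty'      => 3,
	'enabled'  => false,
	'tags'     => array( '<script>x</script>news', 7.5 ),
	'<i>k</i>' => new stdClass(),
);

var_dump( example_sanitize_scalars_as_text( $input ) );
var_dump( example_sanitize_by_type( $input ) );
```

Comparing the two dumps shows where the approaches differ: the types of 'qty', 'enabled' and the float, the unsanitized array key, and the object that the scalar-only version returns unchanged.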