[wp-trac] [WordPress Trac] #21989: update_option() calls sanitize_option() twice when option does not exist
WordPress Trac
noreply at wordpress.org
Wed Nov 19 20:11:57 UTC 2025
#21989: update_option() calls sanitize_option() twice when option does not exist
-------------------------------------------------+-------------------------
Reporter: MikeSchinkel | Owner: pbearne
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: Future
| Release
Component: Options, Meta APIs | Version:
Severity: normal | Resolution:
Keywords: dev-feedback has-patch needs- | Focuses:
testing | performance
-------------------------------------------------+-------------------------
Comment (by RavanH):
Yep, ran into this issue when debugging a plugin that needs to save a
google cloud console client id and client secret. The secret is set to be
encrypted on sanitize callback and it turned out that (only) on the very
first save, when the option is not yet in the options table, that client
secret got encrypted twice.
Took me hours to find out this double encryption was happening and had to
code a way around it -- setting a static value like $encryption_done to
true on the first pass -- to prevent the second pass from encrypting the
already encrypted data...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21989#comment:46>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list