Opened 3 years ago

Closed 7 months ago

#38035 closed defect (bug) (duplicate)

Clarify function parameters that expect slashed data

Reported by: johnbillion
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords: needs-patch needs-docs close
Focuses: docs
Cc:
PR Number:

Description

The following functions expect slashed data to be passed to at least one of their parameters.

A note should be added to each affected @param doc stating that the parameter expects slashed data, in addition to any mention of slashed data in the function description.

  • wp_(insert|update)_(post|user)
  • (add|update|delete)_(post|term|user|comment)_meta
  • (add|update|delete)_metadata

There's most likely a bunch more affected functions.
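
Why the @param note matters, shown as an added example that is not part of the ticket or of WordPress core. The functions example_slash(), example_unslash() and example_update_meta() are hypothetical stand-ins, assumed to mirror how wp_slash(), wp_unslash() and the functions listed above treat strings, so the script runs without WordPress.

```php
<?php
// Stand-ins (assumptions) for wp_slash() / wp_unslash(), so this runs without WordPress.
function example_slash( $value ) {
    if ( is_array( $value ) ) {
        return array_map( 'example_slash', $value );
    }
    return is_string( $value ) ? addslashes( $value ) : $value;
}

function example_unslash( $value ) {
    if ( is_array( $value ) ) {
        return array_map( 'example_unslash', $value );
    }
    return is_string( $value ) ? stripslashes( $value ) : $value;
}

/**
 * Hypothetical function of the kind the ticket lists: it unslashes its
 * input before storing it, so callers must pass slashed data.
 *
 * @param array  $store Constructed in-memory store standing in for the database.
 * @param string $key   Meta key. Expects slashed data.
 * @param mixed  $value Meta value. Expects slashed data.
 */
function example_update_meta( array &$store, $key, $value ) {
    $store[ example_unslash( $key ) ] = example_unslash( $value );
}

// Constructed sample input: JSON containing escaped quotes and a Windows path.
$json = json_encode( array( 'note' => 'say "hi"', 'path' => 'C:\\temp' ) );

$store = array();
example_update_meta( $store, 'raw', $json );                      // caller forgot to slash
example_update_meta( $store, 'slashed', example_slash( $json ) ); // caller slashed first

// Compare what was stored with what the caller intended to store.
foreach ( $store as $key => $stored ) {
    $decoded = json_decode( $stored, true );
    printf(
        "%-8s identical=%s decodes=%s\n",
        $key,
        var_export( $stored === $json, true ),
        var_export( is_array( $decoded ), true )
    );
}
```

The unslashed call loses the backslashes that JSON relies on, so the stored string no longer decodes. Nothing in the function signature warns the caller, which is the gap the proposed @param note would close.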

Change History (6)

#1 @rmccue
3 years ago

Based on the phpDoc standard, maybe we could do a tag specialisation for @param? Something like:

/**
 * @param:preslashed array $data Post data for the function.
 */

#2 @jdgrimes
3 years ago

Note that this also bubbles up to many of the higher-level functions in WordPress that use these lower-level functions. I was working on a PHPCS sniff for detecting params that need to be slashed a few months ago, but haven't completed it yet due to the sheer complexity of it all (some functions accept an array of data, of which only part is expected to be slashed, while part isn't, etc.). Anyway, it has a few levels of depth in the list of functions to check, but running it over core would reveal even more, I think.

It is an enormously convoluted slashing situation in core, and I believe that we need to get a list of the functions that expect slashed data made up ASAP so that it doesn't continue to get worse as we use a function that uses a function that uses a function that expects slashing, and nobody realizes that data passed to that function needs to be slashed.

This ticket was mentioned in Slack in #docs by morganestes.
3 years ago

#4 @desrosj
7 months ago

@johnbillion can this be closed as a duplicate of #41593? There is more momentum there.

#5 @desrosj
7 months ago

  • Keywords close added

#6 @johnbillion
7 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #41593.
