WordPress › This is a reminder that as per ticket 12… « Make WordPress Core Make WordPress Core

Make WordPress Core

Welcome to Make WordPress Core!
- This is the official blog for the core development team of the WordPress open source project. Follow our progress with weekly meeting agendas, project schedules, and the occasional code debate.
- If you'd like to get involved with core, check out our handbook for how to do so.
Email Updates

Subscribe to this blog and receive notifications of new posts by email.
Join 2,363 other subscribers
Current Dev Cycle
- WordPress 3.6 is in development.
- 3.6 Project Schedule
Weekly Developer Chats
- Wednesdays @ 20:00 UTC
- irc.freenode.net
- #wordpress-dev
- About the Dev Chat
- Dev Chat Agendas
- Dev Chat IRC logs
Version 3.6 Teams

Revisions

Lead: Westi
Backup: ethitter
IRC Hours: Mon @ 1600 UTC & Thurs @ 1500 UTC

Autosave

Lead: Ozz
Backup: DH_Shredder
IRC Hours: Tues and Fri @ 2100 UTC

Post Formats

Lead: Helen
Backup: Scott Taylor
IRC Hours: Mon @ 1900 UTC & Thur @ 1600 UTC

Menus

Lead: Dave Martin
Backup: DrewAPicture
IRC Hours: Mon & Thur @ 2000 UTC

Maintenance & Bug Gardening

Lead: Sergey Biryukov

Twenty Thirteen

Lead: Lance Willett
Backup: Konstantin Obenland
IRC Hours: Tues & Thur @ 1700 UTC
IRC Hours are held in #WordPress-dev on Freenode
Recent comments

siobhyb on JSON REST API
siobhyb on OPW Introduction – Hello…
Dan on JSON REST API
tuyendart on JSON REST API
Tips Tuesday – Relea… on Summer of Code Revisions
Search for:
Meta

Hide threads | Keyboard Shortcuts

Ryan Boren 2:48 pm on April 19, 2010 Permalink
Tags: 30compat ( 6 ), backcompat ( 2 )

This is a reminder that as per ticket 12416, 3.0 changes the escaping rules for the option, site option, transient, and site transient functions. Before, they were inconsistent in whether they expected slashed or unslashed data. As of 3.0, they all expect unslashed data. This means $_POST, $_GET, etc. data needs to be stripped before being passed and that data pulled from the DB does not need to be slashed before being passed back to one of these functions. Many (probably most) plugins weren’t properly following the inconsistent rules before so we decided to make it simple and clear and clean up the mess. Note that the slashing is not used for DB security. That is handled by our prepare() function and mysql_real_escape_string(). The slashing rules are back compat holdovers from the bad old days of magic quotes.

Another reminder that escaping rules for… « WordPress Development Updates is discussing. Toggle Comments
- Another reminder that escaping rules for… « WordPress Development Updates 1:02 am on May 28, 2010 Permalink
  
  [...] reminder that escaping rules for… Another reminder that escaping rules for options and transients changed a bit in 3.0. [...]
- WordPress 3.0: What’s new - op111.net 12:03 pm on June 12, 2010 Permalink
  
  [...] Explanation by Ryan Boren at wpdevel.wordpress.com [...]

c: compose new post
j: next post/next comment
k: previous post/previous comment
r: reply
e: edit
o: show/hide comments
t: go to top
l: go to login
h: show/hide help
shift + esc: cancel