This is a reminder that as per ticket 12…

This is a reminder that as per ticket 12416, 3.0 changes the escaping rules for the option, sitesite (versus network, blog) option, transient, and site transient functions. Before, they were inconsistent in whether they expected slashed or unslashed data. As of 3.0, they all expect unslashed data. This means $_POST, $_GET, etc. data needs to be stripped before being passed and that data pulled from the DB does not need to be slashed before being passed back to one of these functions. Many (probably most) plugins weren’t properly following the inconsistent rules before so we decided to makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). it simple and clear and clean up the mess. Note that the slashing is not used for DB security. That is handled by our prepare() function and mysql_real_escape_string(). The slashing rules are back compatback compat Backward compatibility - a desire to ensure that plugins and themes do not break under new releases - is a driving philosophy of WordPress. While it is a commonly accepted software development practice to break compatibility in major releases, WordPress strives to avoid this at all costs. Any backward incompatible change is carefully considered by the entire core development team and announced, with affected plugins often contacted. It should be noted that external libraries, such as jQuery, do have backward incompatible changes between major releases, which is often going to be a greater concern for developers. holdovers from the bad old days of magic quotes.

#3-0, #dev-notes