AlternativeFunctions: suggest using wp_(un)slash() #1466
Conversation
The WP `wp_slash()` and `wp_unslash()` functions are capable of (un)slashing both strings, as well as (nested) arrays, while the PHP native functions can only handle strings. For input variables, you typically encounter arrays in forms. For instance when a checkbox or dropdown field can accept multiple values. however, the usage of arrays in input variables is definitely not limited to those examples. With that in mind, I'd like to suggest adding a recommendation to use these functions instead of the PHP native ones to the `AlternativeFunctions` sniff.
|
@WordPress-Coding-Standards/wpcs-admins Anyone has an opinion on this proposal ? |
|
I agree. I think the original purpose being |
|
The other side of what @westonruter pointed out is that these functions should really only be used in the context of dealing with magic quotes. Unrelated slashing and unslashing operations shouldn't use them. |
Well, for slashing/unslashing related to database operations, the functions shouldn't be used either as prepared SQL should be used instead. Let's gather some examples of situations in which it would be preferred to use the PHP native functions over the WP versions. Depending on the examples, either the sniff could try to account for the context in which the functions are used or this PR will be closed. |
The WP
wp_slash()andwp_unslash()functions are capable of (un)slashing both strings, as well as (nested) arrays, while the PHP native functions can only handle strings.For input variables, you typically encounter arrays in forms. For instance when a checkbox or dropdown field can accept multiple values. however, the usage of arrays in input variables is definitely not limited to those examples.
With that in mind, I'd like to suggest adding a recommendation to use these functions instead of the PHP native ones to the
AlternativeFunctionssniff.Refs: