WordPress.org

[resolved] WordPress 3.6 RC2 last minute wpdb::escape deprecation is not nice (2 posts)

  1. Marco Cimmino
    Member
    Posted 11 months ago #

    Developers, please continue to test your plugins and themes, so that if there is a compatibility issue, we can figure it out before the final release. You can find our list of known issues here.

    I tried WordPress 3.6 RC2 and I got very disappointed when I noticed the deprecation of the wpdb::escape function, which was not done in the betas and not even in the RC1.
    http://core.trac.wordpress.org/changeset/24718

    What is the purpose of the alphas and betas? Main development should be done there, especially deprecation and API changes; RCs are meant for bug fixes only.

    Deprecating a function in an RC2 means not understanding the software life cycles and not giving enough time to developers to fix their plug-ins.

    I know it is just a matter of changing to esc_sql for example, but again, I think you understand what I meant.

    [Signature removed by moderator per forum rules.]

  2. Andrew Nacin
    Lead Developer
    Posted 11 months ago #

    This is a security-related deprecation.

    wpdb::escape() performs weak escaping. esc_sql() was updated to do "real" escaping, but wpdb::escape() has been abused by too many plugins in non-SQL contexts. Changing to "real" escaping in that situation would break too much.

    We don't typically deprecate stuff this late, of course. These are extenuating circumstances.
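
As an added illustration of the migration discussed in this thread (not code from either poster or from WordPress core): a hypothetical plugin moving off `$wpdb->escape()`, both in a query and in the kind of non-SQL use the second post mentions. The `myplugin_*` functions and their inputs are constructed, the code assumes it is loaded inside WordPress, and `$wpdb->prepare()`, `esc_attr()` and `esc_html()` are existing WordPress APIs that the thread itself does not name.

```php
<?php
// Added example: hypothetical plugin code, intended to run inside WordPress.
// All myplugin_* names and inputs are constructed for illustration.
defined( 'ABSPATH' ) || exit;

// Before: the call deprecated in 3.6 RC2. It applies only weak escaping.
function myplugin_find_posts_old( $title ) {
    global $wpdb;
    $title = $wpdb->escape( $title );
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title = '$title'"
    );
}

// After, option 1: esc_sql() as the near drop-in replacement.
// The value must still be wrapped in quotes inside the SQL string.
function myplugin_find_posts_esc_sql( $title ) {
    global $wpdb;
    $title = esc_sql( $title );
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title = '$title'"
    );
}

// After, option 2: $wpdb->prepare() quotes and escapes the %s value itself,
// so the placeholder is written without surrounding quotes.
function myplugin_find_posts( $title ) {
    global $wpdb;
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title = %s",
            $title
        )
    );
}

// Non-SQL context: a SQL escaper is the wrong tool for HTML output.
// Escape for the context the value lands in (attribute vs. element text).
function myplugin_render_label( $label ) {
    // Old pattern: '<span title="' . $wpdb->escape( $label ) . '">'
    printf(
        '<span title="%s">%s</span>',
        esc_attr( $label ),
        esc_html( $label )
    );
}
```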
