WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] WordPress 3.6 RC2 last minute wpdb::escape deprecation is not nice (2 posts)

  1. Marco Cimmino
    Member
    Posted 1 year ago #

    Developers, please continue to test your plugins and themes, so that if there is a compatibility issue, we can figure it out before the final release. You can find our list of known issues here.

    I tried WordPress 3.6 RC2 and I got very disappointed when I noticed the deprecation of the wpdb::escape function, which was not done in the betas and not even in the RC1.
    http://core.trac.wordpress.org/changeset/24718

    What is the purpose of the alphas and betas? Main development should be done there, especially deprecation and api changes, RC are meant for bug fixes only.

    Deprecating a function in an RC2 means not understanding the software life cycles and not giving enough time to developers to fix their plug-ins.

    I know is just a matter of changing to esc_sql for example, but again, I think you understand what I meant.

    [Signature removed by moderator per forum rules.]

  2. Andrew Nacin
    Lead Developer
    Posted 1 year ago #

    This is a security-related deprecation.

    wpdb::escape() performs weak escaping. esc_sql() was updated to do "real" escaping, but wpdb::escape() has been abused by too many plugins in non-SQL contexts. Changing to "real" escaping in that situation would break too much.

    We don't typically deprecate stuff this late, of course. This is extenuating circumstances.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.