Support » Alpha/Beta/RC » WordPress 3.6 RC2 last minute wpdb::escape deprecation is not nice

  • Developers, please continue to test your plugins and themes, so that if there is a compatibility issue, we can figure it out before the final release. You can find our list of known issues here.

    I tried WordPress 3.6 RC2 and I got very disappointed when I noticed the deprecation of the wpdb::escape function, which was not done in the betas and not even in the RC1.

    What is the purpose of the alphas and betas? Main development should be done there, especially deprecation and api changes, RC are meant for bug fixes only.

    Deprecating a function in an RC2 means not understanding the software life cycles and not giving enough time to developers to fix their plug-ins.

    I know is just a matter of changing to esc_sql for example, but again, I think you understand what I meant.

    [Signature removed by moderator per forum rules.]

Viewing 1 replies (of 1 total)
  • Moderator Andrew Nacin


    Lead Developer

    This is a security-related deprecation.

    wpdb::escape() performs weak escaping. esc_sql() was updated to do “real” escaping, but wpdb::escape() has been abused by too many plugins in non-SQL contexts. Changing to “real” escaping in that situation would break too much.

    We don’t typically deprecate stuff this late, of course. This is extenuating circumstances.

Viewing 1 replies (of 1 total)
  • The topic ‘WordPress 3.6 RC2 last minute wpdb::escape deprecation is not nice’ is closed to new replies.