WordPress-Coding-Standards icon indicating copy to clipboard operation
WordPress-Coding-Standards copied to clipboard

Published 20 hours ago verified publisher icon WordPress

WordPress.Security.ValidatedSanitizedInput.MissingUnslash does not accept stripslashes()

Open Oreolek opened this issue 1 year ago • 3 comments

This is weird, but WordPress.Security.ValidatedSanitizedInput.MissingUnslash sniff accepts only stripslashes_deep (type-ignorant) or stripslashes_from_strings_only (type-ignorant) and does not accept the plain type-strict stripslashes.

Oreolek avatar Nov 08 '23 09:11 Oreolek

Because stripslashes isn't enough since it doesn't act recursively I guess? (e.g. if the type is an array)

kkmuffme avatar Mar 25 '24 10:03 kkmuffme

but what if the type is not an array?

Oreolek avatar Mar 26 '24 03:03 Oreolek

phpcs is not static analysis, so it wouldn't know.

kkmuffme avatar Mar 27 '24 08:03 kkmuffme