Comments for "Why does WordPress still use addslashes(), register_globals() and magic_quotes?"

  • Rick
    It does seem like a terrible idea, but WordPress has a huge history of keeping compatibility. Did you notice if those are always called? Or could it just be something enabled optionally for those with an old plugin, theme or other hack that is not updated?

    NOTE: This comment was originally posted at StackOverflow.com by Louis-Philippe Huberdeau

  • Carolyn
    I think all of those are terribly bad practice and believe that they are the result of laziness or worse. :)

    NOTE: This comment was originally posted at StackOverflow.com by Vyktor

  • Rick
    Letting your users upgrade to a later version of the application by opening potential security breaches they used to have is still better than letting them stay at an older version that has published vulnerabilities. The risks are very real in an application as popular as WordPress.

    NOTE: This comment was originally posted at StackOverflow.com by Louis-Philippe Huberdeau

  • Wayne
    100% sure about the first two being called, haven't dived that far into the db class yet, but I saw them using _weak_escape() more than once. I don't think it's laziness, they've had YEARS to improve their code, and it's not that they lack developers, I think...

    NOTE: This comment was originally posted at StackOverflow.com by Damien Pirsy

  • Jerry
    qdb.us/307623 ....

    NOTE: This comment was originally posted at StackOverflow.com by Wrikken

  • Peter
    WordPress is generally considered as one of the worst PHP codebases. The usual approach is "it works, but please, don't try looking into its code". You can actually learn many things from WP code as it basically shows all bad practices for PHP code.

    NOTE: This comment was originally posted at StackOverflow.com by NikiC

  • Dean
    What is sad is that "programmers" that code in "wordpress framework", are making more money than real programmers... No, you should not use it because of a reason.

    NOTE: This comment was originally posted at StackOverflow.com by webarto

  • Jimmy
    Stop asking and fix it, haha! That's why open source needs you, so you can find these problems, and fix them.

    NOTE: This comment was originally posted at StackOverflow.com by nycynik

  • Douglas
    Small quibble - WordPress is not at its "3rd version", as it does not use typical MAJ.MIN.PNT release methodology. It just increments by .1 at each release, with point releases for security and non-functionality changing bug fixes. I think I remember reading that the core team tries to do two releases each year. So the change from v2.8 -> v2.9 was the same "magnitude" of change as from v2.9 -> v3.0

    NOTE: This comment was originally posted at StackOverflow.com by kenny