Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flag unescaped variables passed to printf, fwrite, etc #170

Closed
westonruter opened this issue May 1, 2014 · 4 comments
Closed

Flag unescaped variables passed to printf, fwrite, etc #170

westonruter opened this issue May 1, 2014 · 4 comments
Labels
Component: Extra
Milestone
0.11.0

Comments

@westonruter
Copy link
Member

There are functions other than the echo and print statements which output data. The printf function, for example, we've seen used at times to get around PHPCS warnings.
@westonruter westonruter mentioned this issue Dec 11, 2014
Closed
@JDGrimes JDGrimes mentioned this issue Feb 15, 2015
Merged
JDGrimes added a commit to JDGrimes/WordPress-Coding-Standards that referenced this issue Feb 15, 2015
@JDGrimes
XSS: require escaping for die and exit
e7c6c19 
Related: WordPress#170
JDGrimes added a commit to JDGrimes/WordPress-Coding-Standards that referenced this issue Feb 15, 2015
@JDGrimes
XSS: require sanitization for printf()
63cf844 
See WordPress#170
@JDGrimes
Copy link
Contributor

JDGrimes commented May 1, 2015

We now flag printf(). Do you still think fwrite() be added to the list?

@westonruter
Copy link
Member Author

Perhaps, but in practice I don't think I've ever seen fwrite() used in any theme or plugin code, so it seems like a very low priority.

@GaryJones
Copy link
Member

Also, use of the Filesystem API should be encouraged.

@JDGrimes JDGrimes added this to the 0.8.0 milestone Aug 30, 2015
@JDGrimes JDGrimes modified the milestones: Future Release, 0.8.0 Sep 30, 2015
@grappler
Copy link
Member

fwrite() is now included in #633

@JDGrimes JDGrimes modified the milestones: 0.11.0, Future Release Dec 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Extra
Projects
None yet
Milestone
0.11.0
Development

No branches or pull requests
4 participants
@GaryJones @westonruter @grappler @JDGrimes