WP 3.6 outputs NOTICE warnings ESCAPE

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author Ron Rennick

    (@wpmuguru)

    I’ll put this thread on my list.

    Yes, just got the same warning…

    Thread Starter barkgj

    (@barkgj)

    For those who experience the problem here and looking for a solution, do a ob_clean invocation in the functions.php of your theme to clean the notice generated by sunrise.php. Worked for me ??

    Well – why all the trouble?

    In order to ignore php warnings just set this in your wp-config.php

    define(‘WP_DEBUG_DISPLAY’, false);

    BUT: This warning should really be taking care of by the developer. ??

    Thread Starter barkgj

    (@barkgj)

    True, but the downside of that approach is you also wont be able to see debug messages generated by other plugins / themes. Debugging lines _can_ be practical, unless they are not, like the one generated by sunrise.php ??

    Yes, you are right… ??

    I really like having those warning messages being displayed. ??

    Damn… I really hate updating wordpress… ??

    If you don’t want to turn WP_DEBUG/WP_DEBUG_DISPLAY off, the following fix worked for me:-

    Replace the line:-

    $dm_domain = $wpdb->escape( $_SERVER[ 'HTTP_HOST' ] );

    with:-

    $dm_domain = addslashes( $_SERVER[ 'HTTP_HOST' ] );

    As far as I can tell, addslashes is all that the $wpdb->escape method was doing in this case, so it should be equivalent.

    Hi

    you can use esc_sql()

    https://codex.www.ads-software.com/Function_Reference/esc_sql

    instead of the addslashes

    Thanks. RTFM ??

    And having read the manual, it looks like they are equivalent anyway:-

    An alias for $wpdb->escape(). Prepares a string for use as an SQL query. A glorified addslashes() that works with arrays.

    Since $_SERVER[ 'HTTP_HOST' ] isn’t an array, they will do the same thing, and I suppose using addslashes will save a msec or two ??

    Thread Starter barkgj

    (@barkgj)

    Ok thanks for your feedback all, I guess I can then mark the issue as resolved.

    Plugin Author Ron Rennick

    (@wpmuguru)

    Actually, it’s already being escaped below so you should be able to replace

    $dm_domain = $wpdb->escape( $_SERVER[ 'HTTP_HOST' ] );

    with

    $dm_domain = $_SERVER[ 'HTTP_HOST' ];

    This fixed my issue on one multisite install. Kudos and thanks for the help.

    tom.thetazulu

    (@tomthetazulu)

    Hi Ron,

    Thanks for the suggestion above, however after digging around the WordPress internals, I feel that esc_sql is the correct approach rather than removing the escape completely – this triggers _escape(), which is not depreciated and effectively does the same as the original escape() function.

    Keen to know your thoughts on this, and if it can be rolled into the plugin at some point? Always nervous about not explicitly escaping sql values, even $_SERVER values?

    Thanks!

    Still not in production version.
    Applied patch as suggested. :-/

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘WP 3.6 outputs NOTICE warnings ESCAPE’ is closed to new replies.