This conversation happens often enough that I've ceased to be mind-boggled by it. A developer will submit code, I review it, and I'll tell them to please sanitize the input. Instead of just using the functions, they'll come back and ask why? Invariably they'll point out that they're using nonces to make sure only authorized actions can happen (no cross-site scripting), and they're checking user permissions too, limiting access to only admins. So why am I being pedantic? My default reply:
Admins are humans. Humans make mistakes. Computers do exactly what they're told to do.
Admins Are Humans

I'm often a broken record, telling people to sanitize, validate, and escape. When people ask me which sanitize function to use in WordPress, I play Socrates and walk them through the logic process. What kind of data are you saving? What will it look like? Okay, now which of these looks the most appropriate based on their descriptions? Sanitizing data is contextual. By this I mean we sanitize for what the saved data should be. If you're saving an email address, make sure you sanitize for email, and so on. This has a side benefit of helping validate your data as well. If you check that the email address entry actually is an email, you're both sanitizing and validating. Now you've prevented someone from putting in a domain instead of an email!
Humans Make Mistakes

The details of 'best practices' for coding change often, as we learn how to make code safer and smarter. That said, the ultimate best practices have nothing to do with the language you're writing in, the app you're writing for, or even the platform!
- Restrict access to only the people who need it
- Sanitize and validate the data you're given
- Provide helpful error messages
- Test your code with good and bad data
- Document what the code does and what the errors mean
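To tie the contextual-sanitization point above to the list, here is an added example (not code from the original post) of a WordPress settings handler that does all three: the nonce and capability checks the developers in the intro already have, plus sanitizing and validating each field for what it should be, and escaping on output. The option names, field names, nonce action, page slug and admin_post hook name are hypothetical.

```php
<?php
// Added example, not from the original post. Option names, field names,
// the nonce action and the admin_post hook name are hypothetical.

function myplugin_save_contact_settings() {
    // Nonce: the request came from our own form.
    check_admin_referer( 'myplugin_save_contact', 'myplugin_nonce' );

    // Capability: only users who may manage options get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'myplugin' ) );
    }

    $raw_email = isset( $_POST['contact_email'] ) ? wp_unslash( $_POST['contact_email'] ) : '';
    $raw_limit = isset( $_POST['daily_limit'] ) ? wp_unslash( $_POST['daily_limit'] ) : '';

    // Sanitize for what the value should be: an email is sanitized as an
    // email and then validated. A bare domain such as "example.com" fails
    // is_email() instead of being stored as if it were an address.
    $email = sanitize_email( $raw_email );
    if ( '' === $email || ! is_email( $email ) ) {
        wp_die( esc_html__( 'Please enter a valid contact email address.', 'myplugin' ) );
    }

    // A numeric setting becomes a non-negative integer; a value like "ten"
    // turns into 0 and is rejected by the range check, never saved verbatim.
    $limit = absint( $raw_limit );
    if ( $limit < 1 || $limit > 1000 ) {
        wp_die( esc_html__( 'Daily limit must be between 1 and 1000.', 'myplugin' ) );
    }

    update_option( 'myplugin_contact_email', $email );
    update_option( 'myplugin_daily_limit', $limit );

    wp_safe_redirect( admin_url( 'options-general.php?page=myplugin&saved=1' ) );
    exit;
}
add_action( 'admin_post_myplugin_save_contact', 'myplugin_save_contact_settings' );

function myplugin_render_contact_email_field() {
    // Escape on output, for the HTML attribute context the value lands in.
    printf(
        '<input type="email" name="contact_email" value="%s" />',
        esc_attr( get_option( 'myplugin_contact_email', '' ) )
    );
}
```

The nonce and capability checks decide who may submit the form; the sanitize and validate steps decide what an admin who slipped up is allowed to store, and the escaping decides how it is shown back.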