Dev news

Commit dd1aaddf6a for wordpress.org

commit dd1aaddf6a79a90640e5bcfc8fc36852316d860d
Author: Weston Ruter <weston@xwp.co>
Date:   Wed Feb 4 18:52:49 2026 +0000

    Formatting: Deprecate the `addslashes_gpc()` function.

    This deprecates `addslashes_gpc()` in favor of `wp_slash()`, as the former is just a wrapper for the latter. The three remaining uses of `addslashes_gpc()` (in `WP_Query`) have been replaced with `wp_slash()`. Unit tests are added to verify that they have the same behavior.

    Developed in https://github.com/WordPress/wordpress-develop/pull/10771

    Follow-up to [23591], [23555].

    Props rutviksavsani, audrasjb, westonruter, mindctrl, johnbillion.
    See #21767.
    Fixes #64539.

    Built from https://develop.svn.wordpress.org/trunk@61590


    git-svn-id: http://core.svn.wordpress.org/trunk@60901 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-includes/class-wp-query.php b/wp-includes/class-wp-query.php
index 8edcf80b54..2e18b7eb97 100644
--- a/wp-includes/class-wp-query.php
+++ b/wp-includes/class-wp-query.php
@@ -2386,7 +2386,7 @@ class WP_Query {
 		// Author/user stuff.

 		if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
-			$query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
+			$query_vars['author'] = wp_slash( '' . urldecode( $query_vars['author'] ) );
 			$authors              = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
 			sort( $authors );
 			foreach ( $authors as $author ) {
@@ -2505,7 +2505,7 @@ class WP_Query {
 			$orderby_array = array();
 			if ( is_array( $query_vars['orderby'] ) ) {
 				foreach ( $query_vars['orderby'] as $_orderby => $order ) {
-					$orderby = addslashes_gpc( urldecode( $_orderby ) );
+					$orderby = wp_slash( urldecode( $_orderby ) );
 					$parsed  = $this->parse_orderby( $orderby );

 					if ( ! $parsed ) {
@@ -2518,7 +2518,7 @@ class WP_Query {

 			} else {
 				$query_vars['orderby'] = urldecode( $query_vars['orderby'] );
-				$query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
+				$query_vars['orderby'] = wp_slash( $query_vars['orderby'] );

 				foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {
 					$parsed = $this->parse_orderby( $orderby );
diff --git a/wp-includes/deprecated.php b/wp-includes/deprecated.php
index 360acf5d46..11dc214cd0 100644
--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -6480,6 +6480,24 @@ function wp_print_auto_sizes_contain_css_fix() {
 	<?php
 }

+/**
+ * Adds slashes to a string or recursively adds slashes to strings within an array.
+ *
+ * This function is just a wrapper for `wp_slash()`. It was originally related to
+ * magic quotes functionality which was deprecated in PHP 5.3.0 and removed in PHP 5.4.0.
+ *
+ * @since 0.71
+ * @deprecated 7.0.0 Use wp_slash() instead.
+ * @see wp_slash()
+ *
+ * @param string|array $gpc String or array of data to slash.
+ * @return string|array Slashed `$gpc`.
+ */
+function addslashes_gpc( $gpc ) {
+	_deprecated_function( __FUNCTION__, '7.0.0', 'wp_slash()' );
+	return wp_slash( $gpc );
+}
+
 /**
  * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
  *
@@ -6508,4 +6526,3 @@ function wp_sanitize_script_attributes( $attributes ) {
 	}
 	return $attributes_string;
 }
-
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index f59f877775..3b546c30ee 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2837,18 +2837,6 @@ function untrailingslashit( $value ) {
 	return rtrim( $value, '/\\' );
 }

-/**
- * Adds slashes to a string or recursively adds slashes to strings within an array.
- *
- * @since 0.71
- *
- * @param string|array $gpc String or array of data to slash.
- * @return string|array Slashed `$gpc`.
- */
-function addslashes_gpc( $gpc ) {
-	return wp_slash( $gpc );
-}
-
 /**
  * Navigates through an array, object, or scalar, and removes slashes from the values.
  *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 95d3fd80f5..c7c7346c76 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '7.0-alpha-61589';
+$wp_version = '7.0-alpha-61590';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.