Hi.

In one way, yes it would.

Changing the parameter name to something that does not already have a sanitizer assigned will force that parameter to be sanitized
by the filterStrictSanitizeValues (if strict sanitize has not been disabled)

For the id parameter (renamed attr_info in your github) this is probably OK.

However here's another gotcha

In edit_orders, I can edit the product name and on submit this uses the
$_POST[update_products] field
Because this has no sanitizer ascribed to it, it gets the recursive filterStrictSanitizeValues applied
However we normally allow some html in product names, which filterStrictSanitizeValues will break

@wilt, I'm in the process of incorporating various bug-fixes into Edit Orders. Would changing that 'id' parameter to have some other name be enough to "pass" the sanitizer?
Quote Originally Posted by lat9 View Post
I'll answer my own question: Yes.

I've got an updated version of EO on GitHub (https://github.com/lat9/edit_orders) that includes that work-around.