[wp-hackers] Magic Quoting removal Road Map/Plan

Jari Pennanen ciantic at oksidi.com
Fri Jun 10 15:46:40 UTC 2011


2011/6/10 John Blackbourn <johnbillion+wp at gmail.com>:
> That's fine, but you're straying from the issue at hand. If functions
> like this were implemented we are still left with the $_GET and $_POST
> superglobals that are currently quoted. The issue is that we cannot
> remove quoting from these variables because it introduces a security
> vulnerability for every plugin and theme that's been written up until
> this point. If we can't remove quoting from the superglobals, this is
> a fruitless exercise.

No sir. If everyone starts to use new API we can get rid of $_GET and
$_POST quoting. Get it? We must push everyone to use new API and when
in distant future, future of PHP6 maybe, we can get rid of this _GET
_POST quoting etc.

More information about the wp-hackers mailing list