[wp-hackers] add_magic_quotes() Plans for removal?
me at ollieread.com
Mon Mar 7 12:33:51 UTC 2011
I've had a look through the archives and could only find a few entries
about this particular issue.
I understand that when this code was introduced, PHP was pre-magic quote
deprecation and so many plugins have now been coded to allow for the
automatic escaping of incoming data. What I don't understand is why this
particular piece of functionality is still there.
As of WordPress 3.1, I have noticed that $_POST, $_GET, $_COOKIE and
$_SERVER are all escaped with no reasoning or regards for php.ini
settings. For instance, I am running PHP 5.3.4 so the magic_quotes
option doesn't even exist within php.ini. I've created a small plugin
(WP-NMMQ) so there is some way to reverse this but it's only really a
Perhaps it is worth looking into removing this piece of code in future
releases and warning the developers before hand, that as of this
version, there will need to be certain modifications to the plugins.
Better yet, if you feel that the code should remain (not sure why) then
perhaps an option should be in place to turn this on or off? Or even
have the system automatically detect whether or not PHP is 5.3+ and disable?
If it was at all possible, I'd be happy to contribute code to address
these issues and hopefully provide one of the fixes I suggested, but I'm
not entirely sure how one would go about doing so.
Also, apologies if I have dragged up an old topic that was answered
previously, but the archive is rather large.
More information about the wp-hackers