[wp-hackers] add_magic_quotes() Plans for removal?
chip at chipbennett.net
Mon Mar 7 15:51:06 UTC 2011
Are core decisions normally made based on how they will impact Plugins -
Plugins which are *not maintained by core*?
I don't have a particular preference on this issue; I just found your
response to be both interesting, and unexpected.
I hope - and assume - that the core team generally make decisions based
primarily on what is best for the core project, and for the community as a
whole. Generally speaking, I would likewise assume that Plugin developers
are expected to make appropriate modifications when core makes a change such
as the one discussed below.
(And isn't implementation of such changes exactly why the
function-deprecation process exists?)
On Mon, Mar 7, 2011 at 9:25 AM, Peter Westwood <peter.westwood at ftwr.co.uk>wrote:
> On 7 Mar 2011, at 14:58, Kevin Newman wrote:
> > I recently wrestled with the same problem. I checked the php setting
> (get_ini), and failed to understand why everything is still escaped, even
> when the php.ini setting shows it was clearly disabled (until I found the
> actual function that does it, and some really really old forum posts).
> > Suggested fixes:
> > 1. When you re-escape everything, also set the magic quotes ini setting.
> If setting the php.ini flag doesn't get reflected in get_ini, at least add a
> WP function to check whether this is disabled (or add it to some document
> > 2. Add a wp-config setting that simply turns off the WP
> > I understand why it was done, and why there has been no effort to change
> it, but if PHP core can go through the pain, surely WordPress can handle the
> change too.
> As has been said in response to previous threads on this subject.
> We would love to remove this code but we can't without opening up numerous
> possible security issues in plugins which unfortunately rely on it.
> If you want to go through and review every plugin in the plugin repo.
> Create patches and get them accepted by the plugin authors.
> Then we can consider removing this code. Until then it is not a good idea.
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers