[wp-hackers] Filter for '
frank at bueltge.de
Fri Sep 2 13:56:21 UTC 2011
Hello at all,
and many thanks for your replies and solution tips!!!
I will see for your great tips and find an solution; yes i have now
only an idea to filter my post to reset the Magic Quotes, but i
thought, WP has an filter and it is easy to remove the function via
remove_filter and this is enough. My app is via thickbox, why is an
extra app, ready solution and i include this extra as idependent
applikation in the thickbox, only in the backend of WP.
On Fri, Sep 2, 2011 at 3:48 PM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
> On 2 September 2011 23:40, Scott Kingsley Clark <scott at skcdev.com> wrote:
>> If you *absolutely had to* remove it, you could hook into
>> 'sanitize_comment_cookies' to stripslashes_deep($_var) on the global
>> arrays you're after.
> but *NEVER do this* and store the result back into the superglobal. Not
> unless you want to open your site up to security issues from all the plugins
> out there that expect slashed data - and break Quotes in posts/comments too
> at the same time. (Tip: This is why WordPress can't just turn off Magic
> quotes and be done with it. Doing so will introduce security issues into
> older plugins, and well, most new ones too)
> For a ray of sunshine in an otherwise dark world of Quoting, Pretty much
> every Developer out there wants to get rid of it, it's just the security
> implications it'd cause. See
> http://core.trac.wordpress.org/ticket/18322for very early discussions
> of moving away from it.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers