[wp-hackers] Enforced magic quotes?
david at wordshell.net
Fri Jun 28 07:15:36 UTC 2013
Today, after a lot of debugging, I came across a fact that after a
decade tinkering with WordPress had somehow escaped me... apparently,
WordPress enforces behaviour as if PHP's (deprecated, now removed)
magic_quotes_gpc was always on. (Not 'always off', as most (all?) other
frameworks... which is what I'd merrily assumed for years).
says that this is " WordPress does this because too much core and plugin
code has come to rely on the quotes being there".
That's rather unfortunate (that WP took the opposite approach to PHP -
PHP decided the long-term solution was "always, permanently off"; WP
decided "always on") - are we stuck with this forever, or is there a
plan to reverse it at some point? Are sane plugin authors doomed (as it
says on http://www.php.net/manual/en/security.magicquotes.whynot.php),
to be permanently having the maintenance/performance burden of WP always
adding unwanted slashes, and then we remove them?
WordShell - WordPress fast from the CLI - www.wordshell.net
More information about the wp-hackers