[wp-trac] [WordPress Trac] #18322: The Road to Magic Quotes Sanity
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 7 16:31:13 UTC 2011
#18322: The Road to Magic Quotes Sanity
--------------------------+-----------------------------
Reporter: ryan | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: General | Version: 3.2.1
Severity: normal | Resolution:
Keywords: |
--------------------------+-----------------------------
Comment (by CaptainN):
I wrote a small proof of concept for an idea I had to make runtime
compatibility patching easier. The idea is you would use an ArrayObject,
and overwrite the $_GET, etc. vars, to make it easy to switch between
slashed and unslashed in different contexts.
The problem with this approach is that it changes those vars to an object
type, so they'll fail is_array and from what I've read also won't work in
some places where array is required (through php 5 type hinting), so I
didn't flesh it out any further. I thought I'd share, in case there is any
merit to the idea, or a PHP wizard more magical than me could smooth the
edges (or if PHP changes their core to accept ArrayObject in places where
array is currently required).
{{{
<?php
// From formatting.php ln: 1233
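/**
 * Recursively removes backslash escaping from a value.
 *
 * Arrays are walked element by element through array_map(), which calls
 * this function again for every entry. Objects are walked property by
 * property and are modified in place. Only strings are handed to
 * stripslashes(); integers, floats, booleans and null are returned
 * unchanged so that their type survives the round trip.
 *
 * @since 2.0.0
 *
 * @param mixed $value The array, object or scalar to be stripped.
 * @return mixed The same structure with slashes removed from every string.
 */
function stripslashes_deep($value) {
    if ( is_array($value) ) {
        return array_map(__FUNCTION__, $value);
    }

    if ( is_object($value) ) {
        // get_object_vars() only returns the properties accessible from this scope.
        foreach (get_object_vars( $value ) as $key => $data) {
            $value->{$key} = stripslashes_deep( $data );
        }
        return $value;
    }

    // Strings only: stripslashes() would cast 5 to "5", true to "1" and null to "".
    return is_string($value) ? stripslashes($value) : $value;
}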
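/**
 * Recursively applies addslashes() to a value.
 *
 * Counterpart of stripslashes_deep(): arrays are walked element by element,
 * objects property by property (modified in place). Only strings are
 * escaped; integers, floats, booleans and null are returned unchanged so
 * that their type is preserved.
 *
 * addslashes() only reproduces the magic-quotes format. It is not a
 * substitute for parameterised queries or for escaping output in the
 * context where it is used.
 *
 * @param mixed $value The array, object or scalar to be slashed.
 * @return mixed The same structure with every string slashed.
 */
function addslashes_deep( $value )
{
    if ( is_array( $value ) ) {
        return array_map( __FUNCTION__, $value );
    }

    if ( is_object( $value ) ) {
        // get_object_vars() only returns the properties accessible from this scope.
        foreach ( get_object_vars( $value ) as $key => $data ) {
            $value->{$key} = addslashes_deep( $data );
        }
        return $value;
    }

    // Strings only: addslashes() would cast 5 to "5", true to "1" and null to "".
    return is_string( $value ) ? addslashes( $value ) : $value;
}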
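/**
 * Array-like wrapper around a request superglobal that can hand out its
 * values either slashed or unslashed.
 *
 * The data is stored unslashed. Reads through the [] operator are slashed
 * on the way out while $magic_quotes is true and returned as stored when
 * it is false.
 *
 * Limits of the approach:
 * - Only offsetGet() is overridden. foreach, getArrayCopy() and other
 *   ArrayObject accessors return the stored, unslashed values whatever
 *   $magic_quotes is set to.
 * - $magic_quotes is public, per-instance state. Code that flips it changes
 *   what every later reader of the same superglobal receives, so a consumer
 *   written against slashed input may be handed raw input. Values read from
 *   this object still need query parameterisation and context-specific
 *   output escaping at the point of use.
 * - Instances are objects, so is_array() and array type hints reject them.
 */
class WP_GPC extends ArrayObject
{
    // set the default magicness here
    public $magic_quotes = true;

    // The data exactly as it was passed to the constructor.
    private $raw;

    /**
     * @param array $data Request data, typically one of the superglobals.
     */
    public function __construct( $data )
    {
        // Assign the property; a bare $raw would only create a discarded local.
        $this->raw = $data;

        // get_magic_quotes_gpc() was removed in PHP 8.0, so only consult it
        // where it still exists. When the ini setting is on, drop the
        // slashes PHP already added so the stored copy is unslashed.
        if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
            $data = stripslashes_deep( $data );
        }

        // set the props
        parent::__construct( $data );
    }

    /**
     * Returns the value stored under $offset, slashed when $magic_quotes is on.
     *
     * @param mixed $offset Key to look up.
     * @return mixed The value, or null when the key is not present.
     */
    #[\ReturnTypeWillChange]
    public function offsetGet($offset)
    {
        // Test for the key, not for a truthy value: '0' and '' are valid
        // request values, and a missing key must not raise a notice.
        if ( ! parent::offsetExists( $offset ) ) {
            return null;
        }

        $value = parent::offsetGet( $offset );

        return $this->magic_quotes ? addslashes_deep( $value ) : $value;
    }
}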
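// Demo: dump the query string, wrap the request superglobals, then read the
// same key once slashed and once unslashed.
header('Content-Type: text/plain');
// Request data is echoed verbatim below; tell browsers not to sniff the
// response as HTML.
header('X-Content-Type-Options: nosniff');
ini_set("html_errors", "0");

print_r($_GET);

// From here on the superglobals are WP_GPC objects, not arrays: is_array()
// returns false for them and array type hints reject them.
$_GET = new WP_GPC( $_GET );
$_POST = new WP_GPC( $_POST );
$_COOKIE = new WP_GPC( $_COOKIE );
$_REQUEST = new WP_GPC( $_REQUEST );

// Default mode ($magic_quotes = true): the value comes back slashed.
echo $_GET['some_query_var'];

// Switching the flag affects every later read of $_GET, not only this one.
$_GET->magic_quotes = false;
echo $_GET['some_query_var'];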
?>
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18322#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software