[wp-trac] [WordPress Trac] #18322: The Road to Magic Quotes Sanity

WordPress Trac noreply at wordpress.org
Thu Apr 24 10:06:03 UTC 2014


#18322: The Road to Magic Quotes Sanity
----------------------------+-----------------------------
 Reporter:  ryan            |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Future Release
Component:  Bootstrap/Load  |     Version:  3.2.1
 Severity:  major           |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------------

Comment (by thanatica2):

 > I know this is a pretty long ticket (especially if you account for all
 the related ones that are linked), but it's definitely worth taking the
 time to carefully read each comment. Currently magic quotes *are*
 necessary because removing them could easily open us to unexpected
 security vulnerabilities. And even if we fix all those in core, there
 would likely be hundreds (conservative estimate) of plugins that would be
 suddenly vulnerable because they were assuming slashed data and it wasn't.

 You must be confusing PHP magic quotes with WP magic quotes. The latter
 ones must be removed, because they mess up plugins that assume PHP can be
 queried for magic quotes having been applied. This flag will be false even
 if they have been applied, because it's a WP function.

 This is reinventing the wheel (the square wheel, imo) and therefore
 completely bollocks.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/18322#comment:39>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list