[wp-trac] [WordPress Trac] #18322: The Road to Magic Quotes Sanity

WordPress Trac noreply at wordpress.org
Wed Feb 19 17:04:36 UTC 2014


#18322: The Road to Magic Quotes Sanity
----------------------------+-----------------------------
 Reporter:  ryan            |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Future Release
Component:  Bootstrap/Load  |     Version:  3.2.1
 Severity:  major           |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------------

Comment (by aaroncampbell):

 Replying to [comment:33 arman.poghosyan]:
 > Are these charts up to date?
 > On all shared hostings that we use for our clients (I don't know if it
 > is appropriate to name hosting companies here, but they are actually top
 > (read most advertised and used) hostings) PHP 5.4 is set up by default
 > (on a few of them, PHP 5.2 is on, but you can easily change to 5.4 from
 > CPanel) and on some of them you can even switch up to PHP 5.6.

 Yes, those charts are up to date.  Even if 5.4 were the default on all
 hosts (and it definitely isn't), that would only affect new sites.  All
 existing sites would still be on whatever the default was when they first
 signed up for hosting.  Very few people ever change their PHP version
 unless a host forces them to, and hosts don't change it for you because it
 could break things.  Unfortunately it will be quite a while until a
 majority of WordPress sites are on PHP 5.4+.

 Replying to [comment:34 thanatica2]:
 > Why are we still discussing this? Just remove the magic quotes. They are
 > not necessary.

 I know this is a pretty long ticket (especially if you account for all the
 related ones that are linked), but it's definitely worth taking the time
 to carefully read each comment.  Currently magic quotes *are* necessary
 because removing them could easily open us to unexpected security
 vulnerabilities.  And even if we fix all those in core, there would likely
 be hundreds (conservative estimate) of plugins that would be suddenly
 vulnerable because they were assuming slashed data and it wasn't.

 I think we'd all like to get rid of the forced slashing, but we need to
 come up with a way to do it that doesn't result in thousands of vulnerable
 sites.  We haven't yet found an elegant way to do that.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/18322#comment:35>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
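
The failure mode described in the comment above, as an added example that is not part of the original message or of WordPress code: `force_slash()` stands in for core's forced slashing, and `legacy_plugin_query()`, the `authors` table and the sample input are hypothetical. It shows the same plugin query built from slashed and unslashed input, next to a bound-parameter form whose safety does not depend on slashing.

```php
<?php
// Added illustration; not WordPress core or plugin code.

// Stand-in for the forced slashing core applies to request data
// (simplified to a flat array of strings).
function force_slash(array $request): array {
    return array_map('addslashes', $request);
}

// Hypothetical plugin code that assumes its input was already slashed.
function legacy_plugin_query(array $post): string {
    return "SELECT id FROM authors WHERE name = '" . $post['name'] . "'";
}

// Counts single quotes not preceded by a backslash. A query holding one
// string literal should contain exactly two (MySQL-style escaping).
function unescaped_quotes(string $sql): int {
    return preg_match_all("/(?<!\\\\)'/", $sql);
}

// Hardened form: the value is bound, never spliced into the SQL text,
// so safety no longer depends on whether slashing happened upstream.
function hardened_lookup(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id FROM authors WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$raw     = ['name' => "O'Brien"];   // constructed sample input
$slashed = force_slash($raw);       // what plugins receive today

foreach (['slashed' => $slashed, 'unslashed' => $raw] as $label => $post) {
    $sql = legacy_plugin_query($post);
    printf("%-9s %s  [unescaped quotes: %d]\n", $label, $sql, unescaped_quotes($sql));
}

// In-memory SQLite (requires the pdo_sqlite extension) for the bound query.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO authors (name) VALUES (?)')->execute(["O'Brien"]);

// Slashed input is unslashed first for correctness; raw input binds as-is.
var_dump(hardened_lookup($db, stripslashes($slashed['name'])));
var_dump(hardened_lookup($db, $raw['name']));
```

In WordPress the corresponding calls are `wp_unslash()` on the request value followed by `$wpdb->prepare()` with a `%s` placeholder.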