[wp-hackers] Enforced magic quotes?

John Blackbourn johnbillion+wp at gmail.com
Fri Jun 28 09:28:36 UTC 2013


On 28 June 2013 08:15, David Anderson <david at wordshell.net> wrote:
> Hi,
>
> Today, after a lot of debugging, I came across a fact that after a decade
> tinkering with WordPress had somehow escaped me...

Ouch.

> That's rather unfortunate (that WP took the opposite approach to PHP - PHP
> decided the long-term solution was "always, permanently off"; WP decided
> "always on") - are we stuck with this forever, or is there a plan to reverse
> it at some point? Are sane plugin authors doomed (as it says on
> http://www.php.net/manual/en/security.magicquotes.whynot.php), to be
> permanently having the maintenance/performance burden of WP always adding
> unwanted slashes, and then we remove them?

This has been discussed at excruciating length for the past few years.
Welcome to the rabbit hole. Enjoy your stay!

http://core.trac.wordpress.org/ticket/22325
http://core.trac.wordpress.org/ticket/18322

Additionally, WordPress 3.6 will be introducing some new wrapper
functions for dealing with slashes, and various API functions are
being changed to accept unslashed data instead of slashed. See
http://make.wordpress.org/core/2013/02/17/slashing-insanity/ and
http://core.trac.wordpress.org/ticket/21767 for details.

John


More information about the wp-hackers mailing list