[wp-trac] [WordPress Trac] #40476: $_POST values ' and \ for sure are getting escaped with a slash

WordPress Trac noreply at wordpress.org
Tue Apr 18 22:52:54 UTC 2017

#40476: $_POST values ' and \ for sure are getting escaped with a slash
 Reporter:  Jossnaz         |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Bootstrap/Load  |    Version:
 Severity:  normal          |   Keywords:
  Focuses:                  |
 this is not a feature! it cannot be that wordpress just dumps his own shit
 into whatever it feels like, in this case, $_POST

 full thread:



 I don't think this applies in your case, but I was just having a similar
 problem. I was loading a Wordpress install along with a site so I could
 show recent posts on all pages. It turns out Wordpress escapes all $_POST
 vars, no matter what magic_quotes are set to.

 I mention it because it was frustrating to figure out, and googling for an
 answer brought me here.

 Here's how I fixed it in my case:

 $temp_POST = $_POST;
 require '../www/wp_dir/wp-load.php'; // loading wordpress
 $_POST = $temp_POST;

 please fix this or at least make it configurable to make it backwards

Ticket URL: <https://core.trac.wordpress.org/ticket/40476>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list