[wp-hackers] someone tell me if I'm nuts,
but isn't stripslashes_deep on $_SERVER a bad thing?
davebytes at comcast.net
Fri Feb 17 05:04:47 GMT 2006
I was trying to test out WP-Cache under WP2[trunk], and I'm on a WAMP setup
here. Fixed a few problems related to being on windows (using symlink
functions... grrr...) that was killing initial testing the admin panel does.
Then got the panel to show up, everything looking good so far.
BUT THEN, I try to click Enable It, and get an error about not being able to
find a file. hmmm.
The panel (and posted) URL is something like:
Since the POST is being done to $_SERVER['REQUEST_URI'], which gets
stripped, the POST URL is actually turned into:
... which blows the admin panel's ability to do form POSTs. Now, in theory,
I could make the action="", right? ("" == current URI, no?). (I just
switched all the REQUEST_URI's to blanks, that seemed to work for the Enable
Anyhow, isn't it a bad thing to do stripslashes on potentially
validly-backslashed strings like a windows path? Should stripslashes be run
at ALL on $_SERVER (my own projects I've only ever done so on
(Hey, while I'm asking wacky questions, anyone have an idea why when I click
the Admin : Options : Permalink tab, Apache crashes? This is Wampserver,
apache 1.3.x, php5... I >think< rewrites were working in an older WP1.5
build, same box...)
More information about the wp-hackers