[wp-hackers] single quote in plugin options

Heiko Rabe heiko.rabe at code-styling.de
Mon Jul 20 19:01:45 UTC 2009


From the PHP manual, http://php.net/manual/en/ini.list.php:

magic_quotes_runtime <http://de.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime>    "0"    PHP_INI_ALL    Removed in PHP 6.0.0.
magic_quotes_sybase <http://de.php.net/manual/en/sybase.configuration.php#ini.magic-quotes-sybase>    "0"    PHP_INI_ALL    Removed in PHP 6.0.0.


because it gives no security, the programmer is always responsible for
correct escaping inside the code!

regards

> --- Matt Mullenweg <m at mullenweg.com> wrote on Sun, 19.7.2009:
>
>> From: Matt Mullenweg <m at mullenweg.com>
>> Subject: Re: [wp-hackers] single quote in plugin options
>> To: wp-hackers at lists.automattic.com
>> Date: Sunday, 19 July 2009, 18:08
>> On 7/15/2009 8:43 PM, Will Anderson wrote:
>>
>>> This is why Magic Quotes are being deprecated. They're useful for software
>>> that doesn't do its own escaping, but software like WordPress does, so Magic
>>> Quotes end up being more of a pain than they're worth.
>>
>> We attempt to turn magic quotes off at the top of
>> wp-settings.php:
>>
>> set_magic_quotes_runtime(0);
>> @ini_set('magic_quotes_sybase', 0);
>>
>> If you're seeing extra quotes somewhere, it may be a bug.
>>
>>     
>
> That's not entirely correct. The PHP option is overwritten (as stated by Matt), but quotes are manually applied mostly everywhere the WP core code can get its fingers on. I hope I can quote Matt that this is actually a bug, DD32 will yell out loud I'm sure. ^^
>
> Maybe you are just experiencing some of those cases where it is unsure whether or not data should be quoted or escaped. Digging deeper in the code and trying to clarify with other devs is the only direction I can give on this one for the current status quo.
>
> -h.
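
An added illustration (not part of the original thread and not WordPress code) of the two points made in it: blanket slashing that is stored without being undone piles up backslashes on every save, and slashing does not escape for an HTML sink. `emulate_magic_quotes`, `save_naive`, `save_unslashed`, `render_field` and the `shop_name` field are hypothetical names, and the input is constructed.

```php
<?php
// Added illustration; not WordPress core code.
// Hypothetical stand-in for blanket slashing of request data (magic-quotes
// style): every value gets addslashes() regardless of where it ends up.
function emulate_magic_quotes(array $request): array
{
    return array_map('addslashes', $request);
}

// Naive save: stores the slashed value, so the backslash becomes part of the data.
function save_naive(array $request): string
{
    return $request['shop_name'];
}

// Corrected save: remove the blanket slashing exactly once, at the input boundary.
function save_unslashed(array $request): string
{
    return stripslashes($request['shop_name']);
}

// Escape for the sink, at the sink: here an HTML attribute value.
function render_field(string $stored): string
{
    return '<input name="shop_name" value="'
        . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '">';
}

$typed = 'O\'Reilly "Books"';   // constructed sample input

// Simulate three edit-and-save round trips of the same settings form.
$naive = $fixed = $typed;
for ($i = 1; $i <= 3; $i++) {
    $naive = save_naive(emulate_magic_quotes(['shop_name' => $naive]));
    $fixed = save_unslashed(emulate_magic_quotes(['shop_name' => $fixed]));
    printf("save %d  naive: %s\n        fixed: %s\n", $i, $naive, $fixed);
}

// Slashing is not output escaping: the slashed value still carries a raw
// double quote, which would terminate the attribute if echoed unescaped.
$slashed = addslashes($typed);
var_dump(strpos($slashed, '"') !== false);
echo render_field($fixed), "\n";
```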