[wp-hackers] add_magic_quotes() Plans for removal?

Chip Bennett chip at chipbennett.net
Mon Mar 7 15:51:06 UTC 2011


Are core decisions normally made based on how they will impact Plugins -
Plugins which are *not maintained by core*?

I don't have a particular preference on this issue; I just found your
response to be both interesting, and unexpected.

I hope - and assume - that the core team generally make decisions based
primarily on what is best for the core project, and for the community as a
whole. Generally speaking, I would likewise assume that Plugin developers
are expected to make appropriate modifications when core makes a change such
as the one discussed below.

(And isn't implementation of such changes exactly why the
function-deprecation process exists?)

Chip

On Mon, Mar 7, 2011 at 9:25 AM, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:

>
> On 7 Mar 2011, at 14:58, Kevin Newman wrote:
>
> > I recently wrestled with the same problem. I checked the php setting
> (get_ini), and failed to understand why everything is still escaped, even
> when the php.ini setting shows it was clearly disabled (until I found the
> actual function that does it, and some really really old forum posts).
> >
> > Suggested fixes:
> >
> > 1. When you re-escape everything, also set the magic quotes ini setting.
> If setting the php.ini flag doesn't get reflected in get_ini, at least add a
> WP function to check whether this is disabled (or add it to some document
> somewhere).
> >
> > 2. Add a wp-config setting that simply turns off the WP
> auto-magic-quotes.
> >
> > I understand why it was done, and why there has been no effort to change
> it, but if PHP core can go through the pain, surely WordPress can handle the
> change too.
> >
>
> As has been said in response to previous threads on this subject.
>
> We would love to remove this code but we can't without opening up numerous
> possible security issues in plugins which unfortunately rely on it.
>
> If you want to go through and review every plugin in the plugin repo.
> Create patches and get them accepted by the plugin authors.
>
> Then we can consider removing this code. Until then it is not a good idea.
>
> Cheers
> --
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

