[wp-hackers] someone tell me if I'm nuts, but isn't stripslashes_deep on $_SERVER a bad thing?

David Chait davebytes at comcast.net
Fri Feb 17 05:04:47 GMT 2006


I was trying to test out WP-Cache under WP2[trunk], and I'm on a WAMP setup 
here.  Fixed a few problems related to being on windows (using symlink 
functions... grrr...) that was killing initial testing the admin panel does. 
Then got the panel to show up, everything looking good so far.

BUT THEN, I try to click Enable It, and get an error about not being able to 
find a file.  hmmm.

The panel (and posted) URL is something like:
http://localhost/wp20test/wp-admin/options-general.php?page=wp-cache\wp-cache.php

Since the POST is being done to $_SERVER['REQUEST_URI'], which gets 
stripped, the POST URL is actually turned into:
http://localhost/wp20test/wp-admin/options-general.php?page=wp-cachewp-cache.php

... which blows the admin panel's ability to do form POSTs.  Now, in theory, 
I could make the action="", right?  ("" == current URI, no?).  (I just 
switched all the REQUEST_URI's to blanks, that seemed to work for the Enable 
button...)

Anyhow, isn't it a bad thing to do stripslashes on potentially 
validly-backslashed strings like a windows path?  Should stripslashes be run 
at ALL on $_SERVER (my own projects I've only ever done so on 
get/post/cookie...)?

(Hey, while I'm asking wacky questions, anyone have an idea why when I click 
the Admin : Options : Permalink tab, Apache crashes?  This is Wampserver, 
apache 1.3.x, php5...  I >think< rewrites were working in an older WP1.5 
build, same box...)

Thanks,

-d 



More information about the wp-hackers mailing list