[wp-hackers] single quote in plugin options

Hans Krentel hanskrentel at yahoo.de
Mon Jul 20 17:30:20 UTC 2009


--- Matt Mullenweg <m at mullenweg.com> wrote on Sun, 19.7.2009:

> From: Matt Mullenweg <m at mullenweg.com>
> Subject: Re: [wp-hackers] single quote in plugin options
> To: wp-hackers at lists.automattic.com
> Date: Sunday, 19 July 2009, 18:08
> On 7/15/2009 8:43 PM, Will Anderson wrote:
> > This is why Magic Quotes are being deprecated. They're useful for software
> > that doesn't do its own escaping, but software like WordPress does, so Magic
> > Quotes end up being more of a pain than they're worth.
> 
> We attempt to turn magic quotes off at the top of
> wp-settings.php:
> 
> set_magic_quotes_runtime(0);
> @ini_set('magic_quotes_sybase', 0);
> 
> If you're seeing extra quotes somewhere, it may be a bug.
> 

That's not entirely correct. The PHP option is overwritten (as stated by Matt), but quotes are manually applied mostly everywhere the WP core code can get its fingers on. I hope I can quote Matt that this is actually a bug; DD32 will yell out loud, I'm sure. ^^

Maybe you are just experiencing some of those cases where it is unsure whether or not data should be quoted or escaped. Digging deeper in the code and trying to clarify with other devs is the only direction I can give on this one for the current status quo.

-h.
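
The effect discussed in this message, as an added example that is not part of the original post and not WordPress code: a self-contained PHP sketch of what happens to a single quote in a plugin option when request data arrives already slashed. The `demo_*` helpers, the `demo_title` key and the sample value are hypothetical stand-ins constructed for illustration.

```php
<?php
// Stand-in for the slashing the message says core applies to request data.
// Hypothetical helper, not a WordPress function.
function demo_slash_deep($value) {
    return is_array($value) ? array_map('demo_slash_deep', $value) : addslashes($value);
}

// Inverse: strip one level of slashes from a string or a nested array.
function demo_unslash_deep($value) {
    return is_array($value) ? array_map('demo_unslash_deep', $value) : stripslashes($value);
}

// Simulates one "show settings form, submit, save" round trip.
// $store is a stand-in for the options storage.
function demo_save_cycle(array &$store, $unslash) {
    // The form is pre-filled with the stored value and submitted unchanged;
    // the request array reaches the plugin already slashed.
    $post  = demo_slash_deep(array('demo_title' => $store['demo_title']));
    $value = $post['demo_title'];
    if ($unslash) {
        // Plugin removes exactly one level of slashes before storing.
        $value = demo_unslash_deep($value);
    }
    $store['demo_title'] = $value;
}

$naive = array('demo_title' => "Bob's plugin"); // constructed sample value
$fixed = $naive;

for ($i = 1; $i <= 3; $i++) {
    demo_save_cycle($naive, false); // stores the slashed value as-is
    demo_save_cycle($fixed, true);  // unslashes once before storing
    printf("save %d  naive: %-28s fixed: %s\n", $i, $naive['demo_title'], $fixed['demo_title']);
}
```

In the naive path the backslashes multiply on every save, which is the usual symptom of this problem. A value unslashed this way still has to be escaped or bound as a parameter by whatever layer writes it to the database.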




      

