[wp-hackers] Magic quotes "on" forever?

Peter Westwood peter.westwood at ftwr.co.uk
Wed May 5 21:33:28 UTC 2010


On 5 May 2010, at 22:25, Mark Waterous wrote:

> Doesn't it seem a little outdated to be doing this when even PHP is removing
> the feature from its core set of directives? Such security issues should be
> handled inside of the database abstraction and not on a global scale, but
> then I probably just don't understand the implementation due to not seeing
> it from a core developer's POV.
> 

From memory the issue is that too many plugins rely on the fact that the SuperGlobals are already escaped and don't use the more recent prepare stuff.

Therefore if we remove this we risk making all those plugins vulnerable.

westi
-- 
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
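
The dependency described in this message, shown as an added example that is not part of the original post and not WordPress or plugin code. `emulate_magic_quotes()`, `legacy_plugin_query()`, `bound_lookup()` and the `authors` table are hypothetical names; PDO bound parameters on an in-memory SQLite database stand in for `$wpdb->prepare()` so the block runs without WordPress.

```php
<?php
// Stand-in for the slashing WordPress applies to the superglobals:
// addslashes() applied recursively to every value.
function emulate_magic_quotes(array $input): array {
    return array_map(
        fn($v) => is_array($v) ? emulate_magic_quotes($v) : addslashes($v),
        $input
    );
}

// Hypothetical legacy plugin pattern: request data interpolated straight
// into SQL, on the assumption that it arrives already slashed.
function legacy_plugin_query(array $post): string {
    return "SELECT id FROM authors WHERE name = '{$post['name']}'";
}

// Pattern that does not depend on slashing: undo the slashes, then bind
// the value as a parameter so it never becomes part of the SQL text.
function bound_lookup(PDO $db, array $slashed_post): array {
    $stmt = $db->prepare('SELECT id FROM authors WHERE name = ?');
    $stmt->execute([stripslashes($slashed_post['name'])]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$raw     = ['name' => "O'Brien"];        // constructed sample input
$slashed = emulate_magic_quotes($raw);   // what the plugin sees today

// With slashing on, the apostrophe is backslash-escaped and stays inside
// the string literal (under MySQL's default backslash-escape handling).
echo legacy_plugin_query($slashed), "\n";

// With slashing removed and the plugin unchanged, the apostrophe closes
// the literal early and the rest of the value is parsed as SQL.
echo legacy_plugin_query($raw), "\n";

// The bound form finds the row whether or not the input was slashed,
// provided the slashes are stripped before binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO authors (name) VALUES (?)')->execute(["O'Brien"]);
var_dump(bound_lookup($db, $slashed));
```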


