[wp-trac] [WordPress Trac] #17856: magic_quotes_gpc future-proof enhancements

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 23 14:22:59 UTC 2011


#17856: magic_quotes_gpc future-proof enhancements
--------------------------+------------------------------
 Reporter:  troydavisson  |       Owner:
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------------------

Comment (by troydavisson):

 John, thanks for your feedback.  I realize now that I didn't do a great
 job of explaining my rationale for how I put together the code.

 The attached patch/diff adds code to 2 primary files.  The change to
 wp-settings.php allows for those functions to pre-load the super global data
 into static arrays.  I jumped back and forth between using basic functions
 or if I should extend the WP class.  In the end, using regular functions
 made the most sense (although it made the code in those functions a bit
 ugly).  The new "wp_input_init()" function is called in wp-settings.php
 just after the formatting.php file is included (due to the dependency on
 the stripslashes_deep function) but before "wp_magic_quotes()" is called
 which is where WordPress goes through and force changes the values of
 these super globals.

 So, populating the static variables ahead of time allows those functions
 to grab the original values of those variables:

 1. prior to WordPress force-adding magic quotes (the behavior this
 improvement is supposed to help phase out within WordPress over time)
 2. prior to plugins being loaded which have the ability to alter the
 values within those arrays.  I've run into numerous cases in the past few
 months where a plugin installed on a WordPress site has either overridden
 a $_GET variable, completely unset $_GET or has manually overridden one of
 the $_SERVER values (like the User-Agent)

 To summarize, this patch is intended to allow addon developers the access
 to a read-only version of the original values.

 Great suggestion regarding the nested values.  I hadn't considered that
 use-case but I agree that it makes sense.  I'll upload an updated patch
 that covers that.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17856#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
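
The snapshot approach described in the comment above, as an added example that is not part of the original message or of the attached patch. All function names are hypothetical, the request data is constructed, and the key-path lookup is only one possible reading of the nested-values suggestion; the slash-stripping step the comment mentions is left out.

```php
<?php
// Added example. Every function name below is hypothetical, not the patch's API.

// Holds the snapshot in a function-scoped static, which plugin code cannot
// reach the way it can reach $_GET. Only the first write is kept.
function example_input_store(?array $snapshot = null): array {
    static $store = null;
    if ($store === null && $snapshot !== null) {
        $store = $snapshot;
    }
    return $store ?? array();
}

// Copy the superglobals. Meant to run before slashes are force-added
// and before any plugin file is included.
function example_input_init(): void {
    example_input_store(array(
        'get'    => $_GET,
        'post'   => $_POST,
        'cookie' => $_COOKIE,
        'server' => $_SERVER,
    ));
}

// Read by source and key path: ('get', 'filter', 'tag') for ?filter[tag]=...
// Returns null when any step of the path is missing.
function example_input_get(string $source, ...$path) {
    $value = example_input_store()[$source] ?? null;
    foreach ($path as $key) {
        if (!is_array($value) || !array_key_exists($key, $value)) {
            return null;
        }
        $value = $value[$key];
    }
    return $value;
}

// Constructed request data standing in for a real request.
$_GET = array('q' => "O'Reilly", 'filter' => array('tag' => "it's"));
$_SERVER['HTTP_USER_AGENT'] = 'ExampleBrowser/1.0';
example_input_init();
// Later in the request: slashes are added and a plugin rewrites values.
$_GET['q'] = addslashes($_GET['q']);
unset($_GET['filter']);
$_SERVER['HTTP_USER_AGENT'] = 'overridden';
example_input_init(); // ignored, the first snapshot stands
echo $_GET['q'], ' / ', example_input_get('get', 'q'), PHP_EOL;
echo example_input_get('get', 'filter', 'tag'), PHP_EOL;
echo example_input_get('server', 'HTTP_USER_AGENT'), PHP_EOL;
```

Values read from such a snapshot carry no added slashes, so code that passes them to a database query or into HTML output has to parameterize or escape them itself.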

