[ZendTo] unconditional use of stripslashes, missing backslashes.
Joerg Streibhardt
eljoest+lists at googlemail.com
Fri Feb 3 16:49:54 GMT 2012
Hi Jules
my first real user informed me that the backslashes he typed into the
message were removed.
After looking around for a bit I noticed that most if not all
instances of stripslashes are called whether PHP added those "magic
quotes" or not.
Unfortunately I'm unable to globally enable magic quotes and the
manual states that:
> This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
> http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
I've changed the setting locally for ZendTo by adding
> php_flag magic_quotes_gpc on
in the apache-configuration for <Directory /opt/zendto/www/>.
I think stripslashes should only be used if get_magic_quotes_gpc()
returns true. Removing it altogether is probably not a good idea at
this time.
What do you think?
Cheers
Jörg
More information about the ZendTo
mailing list