[pmwiki-users] PHP slashes (was ZAP Permissions and Includes)

Patrick R. Michaud pmichaud at pobox.com
Fri Oct 13 08:21:20 CDT 2006


On Fri, Oct 13, 2006 at 08:33:52AM -0400, Crisses wrote:
> 
>    Crisses
> On Oct 13, 2006, at 8:24 AM, The Editor wrote:
> > On 10/13/06, Crisses <crisses at kinhost.org> wrote:
> >   Try something like this, when you receive the $_POST from the web
> >   form:
> >    if (get_magic_quotes_gpc()) {
> >    foreach ($_POST as $key=>$value) {
> >    $_POST[$key]= stripslashes($value);
> >    } }
> >
> > What is the purpose of this line
> > if (get_magic_quotes_gpc()) {
> > Couldn't I just stripslashes on the values?
>
> It check whether or not the server already "addslash"ed the $_POST
> variables before stripping them.
> This would make it so you could port the code between any server without
> worrying about stripping slashes people added on-purpose.

PmWiki provides a stripmagic() function expressly for this
purpose -- it removes the slashes only if the server has
added them.

In answer to Caveman's question of "Couldn't I just stripslashes
on the values?", the answer is that if get_magic_quotes_gpc()
isn't set then stripslashes will remove any slashes in the
original input.

Pm




More information about the pmwiki-users mailing list