[dev] Proposal: replace most dispelMagicQuotes() usage with a single filter in core.php?
Chuck Hagenbuch
chuck at horde.org
Fri Jan 26 21:11:42 PST 2007
Similar to the register_globals protection that we have in core.php,
what if we did all magic quotes un-escaping there instead of on every
call to getFormData?
Something like this (from one of Ilia's presentations):
if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while (list($k,$v) = each($in)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$in[$k][$key] = stripslashes($val); continue;
}
$in[] =& $in[$k][$key];
}
}
unset($in);
}
Also, I notice that $_SESSION is missing from the register globals
protection - any specific reason why?
-chuck
--
"we are plastered to the windshield of the bus that is time." - Chris
More information about the dev
mailing list