[pmwiki-users] PHP slashes (was ZAP Permissions and Includes)
Patrick R. Michaud
pmichaud at pobox.com
Fri Oct 13 08:21:20 CDT 2006
On Fri, Oct 13, 2006 at 08:33:52AM -0400, Crisses wrote:
>
> Crisses
> On Oct 13, 2006, at 8:24 AM, The Editor wrote:
> > On 10/13/06, Crisses <crisses at kinhost.org> wrote:
> > Try something like this, when you receive the $_POST from the web
> > form:
> > if (get_magic_quotes_gpc()) {
> > foreach ($_POST as $key=>$value) {
> > $_POST[$key]= stripslashes($value);
> > } }
> >
> > What is the purpose of this line
> > if (get_magic_quotes_gpc()) {
> > Couldn't I just stripslashes on the values?
>
> It check whether or not the server already "addslash"ed the $_POST
> variables before stripping them.
> This would make it so you could port the code between any server without
> worrying about stripping slashes people added on-purpose.
PmWiki provides a stripmagic() function expressly for this
purpose -- it removes the slashes only if the server has
added them.
In answer to Caveman's question of "Couldn't I just stripslashes
on the values?", the answer is that if get_magic_quotes_gpc()
isn't set then stripslashes will remove any slashes in the
original input.
Pm
More information about the pmwiki-users
mailing list