WordPress 2.8.6 foobars my theme options with escape slashes!

Question

I've just upgraded a blog to WordPress 2.8.6 and found they are escaping quotes differently from 2.8.5

I've got a theme options panel that allows the user to input their img tags into a text area.

However, when the options are saved, WP is adding escape slashes to the double quotes it finds in the text area.

Example:

<img src="somefile.jpg" />

becomes

<img src=\"somefile.jpg\" />

And this causes the image to fail to load

Also, on every save of my theme options, the backslashes are doubling growing in number!!!

` function mytheme_add_admin() {

global $themename, $shortname, $options;

if ( $_GET['page'] == basename(FILE) ) {

if ( 'save' == $_REQUEST['action'] ) {

  foreach ($options as $value) {
    update_option( $value['id'], $_REQUEST[ $value['id'] ] ); 
  }

  foreach ($options as $value) {
    if( isset( $_REQUEST[ $value['id'] ] ) ) { 
      update_option( $value['id'], $_REQUEST[ $value['id'] ]  ); 
    } else { 
      delete_option( $value['id'] ); 
    } 
  }

  header("Location: themes.php?page=functions.php&saved=true");
  die;

} else if( 'reset' == $_REQUEST['action'] ) {

foreach ($options as $value) { delete_option( $value['id'] ); }

header("Location: themes.php?page=functions.php&reset=true"); die;

} `

Answer 1

WordPress always performs magic_quotes_gpc for backwards compat reasons. When dealing with GPC data, you must run stripslashes() on the data to get it in its raw form.