tags:

views:

61

answers:

1
+1  Q: 

WordPress plugins and problem with magic_quotes_gpc

Hi, I want to write some plugin which adds forms in administration panel and in blog posts. I'm struggling now with magic_quotes.

First I've tried to use magic_quotes_gpc as in clear PHP. But it looks like WordPress ignores this flag and always quotes submitted form contents (at least forms in posts, forms in administration panel are not quoted).

But then I uploaded my plugin to DreamHost and it acts in a different way.

What is the correct way to process submitted form contents in WordPress plugins?

A: 

Basically, you seem to have a different PHP configuration between (presumably) your development environment and Dreamhost. I assume you would like your plugin to be able to handle both scenarios: magic_quotes on and off. Here's some ideas/thoughts.

  • You can't always change php.ini settings at runtime - it depends on the server configuration.

  • You can't always change the php.ini either. On Dreamhost this is possible, but unsupported.

  • You can detect if magic_quotes is activated with ini_get().

  • magic_quotes_gpc essentially runs addslashes() on all GET, POST, and COOKIE data

  • You can perform the inverse operation with stripslashes().

A common technique is to write a simple wrapper for accessing parameters (GET/POST/COOKIE), such as:

function myplugin_param($name)
{
    if (ini_get('magic_quotes_gpc'))
    {
        return stripslashes($_REQUEST[$name]);
    }
    return $_REQUEST[$name];
}

Hope that helps!

Adam  2010-08-05 07:54:53
Yes, I know that. Problem is more complicated, I think. I'm processing magic_quotes_gpc in normal way (I'm stripping slashes only, when magic_quotes is on), but on DreamHost every input is quoted.During my tests on my server with magic_quotes off the input in administrator panel is not quoted, but input in post page is.
krzysiek.drozdz  2010-08-06 06:20:39
Perhaps the theme you are using is unnecessarily quoting the input. What happens if you activate a different one?
Adam  2010-08-06 07:25:37
Exactly the same. My biggest problem is that I'm processing the magic_quotes flag correctly, but on different servers it behaves in different ways. Is there any other flag I should check?
krzysiek.drozdz  2010-08-08 07:13:58

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases