GPC Magic Quotes in WordPress is Compulsory

May 19th, 2007 at 1:59 am

I just updated my Sticky Post and Post Footer plugins. A few people had told me that quotes in their text were backslashed.

That struck me as odd since I had done a get_magic_quotes_gpc() and stripslashes() of all $_GET and $_POST variables.

What puzzled me even more was that their PHP magic_quotes_gpc option was turned off, but $_GET and $_POST variables containing quotes were backslashed.

After a little searching, I found the problem. It turns out that the folks from WordPress had actually made it compulsory to backslash all GPC variables if they contain quotes.

You can find this block of code in the wp-settings.php file.


// If already slashed, strip.
if ( get_magic_quotes_gpc() ) {
    $_GET    = stripslashes_deep($_GET   );
    $_POST   = stripslashes_deep($_POST  );
    $_COOKIE = stripslashes_deep($_COOKIE);
}


// Escape with wpdb.
$_GET = add_magic_quotes($_GET );
$_POST = add_magic_quotes($_POST );
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);

Perhaps this was documented somewhere, but I missed it completely. :(

So in future, just stripslashes() all your GPC variables.
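
The behaviour described above can be reproduced without WordPress. This is an added example, not code from the original post or from WordPress: the `demo_*` functions are hypothetical stand-ins for the quoted wp-settings.php logic, the input is constructed, and magic_quotes_gpc is simulated with a flag. It shows that a strip made conditional on the PHP setting leaves backslashes when the option is off, while an unconditional strip recovers the typed text in both cases.

```php
<?php
// Added example: hypothetical stand-ins for the wp-settings.php block quoted
// above, so the effect can be observed without WordPress. Input is constructed.

// Recursively apply $fn to every scalar in a (possibly nested) array.
function demo_map_deep($value, callable $fn) {
    return is_array($value)
        ? array_map(function ($v) use ($fn) { return demo_map_deep($v, $fn); }, $value)
        : $fn($value);
}

// What the bootstrap does to a superglobal: strip if PHP already slashed it,
// then always add slashes again.
function demo_wp_bootstrap(array $gpc, bool $magicQuotesOn) {
    if ($magicQuotesOn) {
        $gpc = demo_map_deep($gpc, 'stripslashes');
    }
    return demo_map_deep($gpc, 'addslashes');
}

// The pattern that fails: strip only when PHP reports that it slashed the input.
function demo_conditional_strip(array $gpc, bool $magicQuotesOn) {
    return $magicQuotesOn ? demo_map_deep($gpc, 'stripslashes') : $gpc;
}

$typed = ['footer' => 'It\'s a "sticky" post', 'tags' => ["O'Reilly"]];

foreach ([true, false] as $magicQuotesOn) {
    // Simulate what PHP hands over before WordPress runs.
    $raw = $magicQuotesOn ? demo_map_deep($typed, 'addslashes') : $typed;
    $seenByPlugin = demo_wp_bootstrap($raw, $magicQuotesOn);

    $conditional   = demo_conditional_strip($seenByPlugin, $magicQuotesOn);
    $unconditional = demo_map_deep($seenByPlugin, 'stripslashes');

    printf("magic_quotes_gpc=%s\n", $magicQuotesOn ? 'on' : 'off');
    printf("  conditional strip:   %s\n", $conditional['footer']);
    printf("  unconditional strip: %s\n", $unconditional['footer']);
    printf("  round-trips to typed input: %s\n", var_export($unconditional === $typed, true));
}

// The unslashed value is raw user input again, so it must be escaped for the
// context it is used in (here HTML output).
echo htmlspecialchars($unconditional['footer'], ENT_QUOTES, 'UTF-8'), "\n";
```

The added slashes are not a substitute for context-specific escaping: once a plugin strips them, the value has to be escaped again wherever it is written to a query or a page.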


About the author

I'm Alex Choo and I live in sunny Singapore. I'm also the developer of WP Text Ads, a WordPress plugin that lets bloggers sell ads directly to advertisers so that they pay 0% in commissions and earn 100% in profits.


Comments 7

  1. Eric wrote:

    Thanks for this post! I’ve already wasted an hour trying to solve this “problem”, but I won’t have to waste any more time now!!

    Posted 10 Oct 2008 at 2:24 am
  2. Илья wrote:

    Yeah… Life is like riding a bicycle. To keep your balance, you must keep moving.

    Posted 26 Feb 2009 at 6:03 pm
  3. alikos wrote:

    Yeah… Life is like riding a bicycle. To keep your balance, you must keep moving.

    Posted 19 Jun 2009 at 1:32 am
  4. BeчнaЯ wrote:

    Dear sirs, couldn't you leave comments that are actually on topic, rather than assorted nonsense like "Well done, author" and so on.

    Posted 21 Aug 2009 at 1:41 am
  5. Никита wrote:

    And I see you are, as usual, a person of few words ;)

    Posted 26 Aug 2009 at 7:21 pm
  6. Kularius wrote:

    Informative, but not convincing. Something is missing, though I can't work out what. But I'll say it straight: bright and kind thoughts.

    Posted 06 Nov 2009 at 12:00 am
  7. BeдьмoчкA wrote:

    Hi everyone! I'm new here. Will you take me into the group? :)

    Posted 10 Mar 2010 at 1:40 am

Trackbacks & Pingbacks 1

  1. From Magic Quotes. =( - Page 2 - x10Hosting Community on 04 Dec 2009 at 2:23 pm

    […] Magic Quotes. =( It might be worse than you think. Alex Choo states back in 2007 that WordPress escapes quotes even when magic quotes is turned off. The offending lines are in wp-settings.php, though editing […]
