theme-editor.php broken: stripslashes() and add_magic_quotes() screw up CR LFs
|Reported by:||astounding||Owned by:||anonymous|
I'm running wordpress 2.0.4 (installed this past weekend) under PHP 5 (and configured so that get_magic_quotes_gpc() returns zero--PHP's magic quotes are the spawn of the devil in my opinion and have caused more trouble for PHP users... I digress...)
When I tried editing theme files with the theme editor (theme-editor.php), as soon as the edit was submitted, the file was totally screwed up. Where before there were newlines in the file, now the character pairs "rn" appeared (no slashes).
I traced it down to thus:
theme-editor.php requires admin.php which requires wp-config.php which in turn includes wp-settings.php
In wp-settings.php, the _POST array gets bulk-quoted with this line:
$_POST = add_magic_quotes($_POST );
Later on in theme-editor.php, there's this line:
$newcontent = stripslashes($_POSTnewcontent?);
These two things screw things up together. The first converts all CR LF pairs to "\r\n" (backslashes followed by "r" and "n"). The next strips out the slashes. The end result: All newlines get converted to "rn" which is meaningless to web browsers, web servers, etc. Do it to an important theme file and watch your wordpress site be useless.
So... What's the fix? Hasn't this issue turned up for other (all?) users? Or if PHP's built-in magic quotes are ON, does the process of removing 'em and adding 'em back in the wp-settings.php file NOT convert CR LF characters? It's a biggie.
My current work-around is a preg_replace() in theme-editor.php to convert "\r" and "\n" back to the actual CR and LF characters just before stripslashes() gets called. This seems to me to be an ugly kludge to the real problem. But maybe a true design fix would require far too much work, potentially introducing loads more bugs...