Opened 4 years ago
Closed 4 years ago
#9822 closed defect (bug) (fixed)
Quick Edit loses \ in the post content
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 2.8 |
| Component: | Quick/Bulk Edit | Version: | |
| Severity: | normal | Keywords: | |
| Cc: |
Description
If a post contains \, Quick Edit it, such as changing the category, then click "Update Post". The \ is lost.
The root cause is that $post is read from the db, and the post insertion and save logic assumes magic_quotes are already added.
The fix is dd_magic_quotes($post);
Attachments (1)
Change History (12)
- Milestone changed from Unassigned to 2.8
I think the underlying reason is that
we always assume PHP directive magic_quotes_gpc is on, since it's on by default.
Therefore, for any piece of post data, the outer layer of insertion functions strips off \ to produce the 'clean' data.
Then in several cases (#9199 and this case, and perhaps #9727), data is actually read from db, so it is already clean. In order to make the above logic work, we need to arbitrarily add \
In my opinion, PHP magic_quotes_gpc is the root of these types of troubles :)
oh, it's much worse, actually. we strip magic quotes when on, and then wpdb->escapre POST, GET, COOKIE, etc. :D
Also in that function,
update the post
$_POST = $data;
seems redundant, because $data = &$_POST; assignment before.
$wpdb->prepare seems to addslashes to vars.
So it seems when we call $wpdb->prepare, we need to "stripslashes" vars first, if the var is from usr input, say $_GETkey?
Seems this convention is not followed. Correct me if I'm wrong.
there might be an area here and there where things don't occur as they should, yeah.
- Component changed from General to Quick Edit
- Owner set to ryan
- Status changed from new to assigned
comment:10
hailin — 4 years ago
removed $_POST = $data;
assignment, and tested. Revised patch.
comment:11
ryan — 4 years ago
- Resolution set to fixed
- Status changed from assigned to closed
probably the same as #9727