Slashes not removed when $_SERVER in process_conditionals()

[hakre]

Since [1964] (now after [12732] in wp-includes/load.php) slashes are added to all values of $_SERVER. If then $_SERVER is accessed, slashes must be removed again otherwise things might not work as intended, e.g. comparing and parsing strings.

[hakre]

function process_conditionals() might be dead code.

[hakre]

in WP::send_headers() [wp-includes/classes.php]

[hakre]

My previous comment about dead code is invalid. Instead there are additional locations where the problem occurs.

AtomServer::process_conditionals() [wp-includes/wp-app.php]
WP::send_headers() [wp-includes/classes.php]

Related: #2597
Related: [3682] ([4715] 2.0 Backport)
Related: #12402

[hakre]

Related: [3572]

Additional it's noteworthy that removing and especially adding slashes does not add anything useful when ​magic_quotes_sybase is ON.

[dd32]

Technically, both patches look correct to me, However, it should never be a problem as a datestamp such as that field should never contain punctuation.

[johnbillion]

Replying to dd32:

a datestamp such as that field should never contain punctuation.