End the Escape Madness in wp-settings.php
Reported by: hakre | Owned by:
Mixing things up is well - mixing things up. I know it's very hard, the damn fukne hard way to realize this years later and then confront yourself with an installation-base you just have left all over the planet. I think any PHP coder knows about such issues. One of them for me is the by me so called
there was a time when you needed to check at the very beginning of your code whether magic_quotes_gpc was on or off. do you remember? gosh that was a time!
so everybody who had no access to the php configuration put some if clause in their code checking for get_magic_quotes_gpc() and then unslashing the request vars if they were slashed.
then time passed by.
it was talked much about php.
at the end of a very long and deep discussion process, php devs decided to throw magic_quotes out of their codebase because it created a lot of chaos while proving no use.
some time ago, some authors thought: hmm how to end the madness? they were very-very clever: not only checking for by-php-added-slashes and then removing-them-all only to add-slashes-all-over-again. shortly said: escaping the escaping-madness and leaving an ever bigger madness.
dear wordpress devs. when can we end this? i know it's hard to realise but wouldn't it be possible to throw this second escaping all over anything-by-request leaving the programmers a chance to know what kind of data they are dealing with? i don't want to rant but what about providing at least a known version number or a global configuration setting so that a plugin author knows whether form input is useless-slashed or not? adding slashes at the very beginning does not help anyone, it was a fault to think that it reduces attacks.
Change History (10)
- Keywords needs-patch added
- Milestone changed from 2.9 to Future Release
- Milestone Future Release deleted
- Resolution set to maybelater
- Status changed from new to closed
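
The strip-then-re-slash bootstrap the ticket describes, reduced to plain PHP as an added example (not WordPress code and not from the reporter). The names `map_deep`, `bootstrap_request` and `raw_input` and the sample value are hypothetical, and the magic-quotes setting is simulated with a flag because current PHP no longer has it.

```php
<?php
// Added illustration of the bootstrap behaviour the ticket describes.
// All function names are hypothetical; this is not WordPress code.

// Apply a string function to a value or to every leaf of a nested array.
function map_deep($value, callable $fn) {
    return is_array($value)
        ? array_map(function ($v) use ($fn) { return map_deep($v, $fn); }, $value)
        : (is_string($value) ? $fn($value) : $value);
}

// Bootstrap step: undo PHP's magic quotes if they were applied,
// then unconditionally slash everything again.
function bootstrap_request(array $request, bool $magicQuotesOn): array {
    if ($magicQuotesOn) {
        $request = map_deep($request, 'stripslashes');
    }
    return map_deep($request, 'addslashes');
}

// What plugin code has to do to get the value the user actually typed.
function raw_input(array $request, string $key): ?string {
    return isset($request[$key]) && is_string($request[$key])
        ? stripslashes($request[$key])
        : null;
}

$typed = "O'Reilly \\ Sons";   // constructed sample: what the user typed

foreach ([false, true] as $magicQuotesOn) {
    // What PHP hands to the script: slashed only when magic quotes are on.
    $fromPhp = ['name' => $magicQuotesOn ? addslashes($typed) : $typed];
    $seen    = bootstrap_request($fromPhp, $magicQuotesOn);

    // Either way the plugin sees slashed data, never the raw value.
    assert($seen['name'] === addslashes($typed));

    // Storing $seen['name'] through a parameterized query would persist the
    // extra backslashes; escaping it again would double them.
    assert(addslashes($seen['name']) !== addslashes($typed));

    // Correct order: unslash once at the boundary, then encode per sink.
    $name = raw_input($seen, 'name');
    assert($name === $typed);
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```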