Context Navigation

← Previous Ticket
Next Ticket →

#9189 closed defect (bug) (fixed)

add_magic_quotes now double-escaping post content when saving

Reported by:	filosofo	Owned by:
Milestone:	2.8	Priority:	highest omg bbq
Severity:	normal	Version:	2.8
Component:	General	Keywords:
Focuses:		Cc:

Description

[10597] introduced the use of mysql_real_escape_string() in wpdb's escape() method.

However, when you save a post the content gets double-escaped, which means that line breaks are turned into \r\n and then \\r\\n.

The first escape is in wp-settings.php where applies add_magic_quotes() to $_POST.

The second is in wp_update_post() which applies it to the post content (wp_update_post() is called by edit_post()).

Then wp_update_post() calls wp_insert_post(), which calls stripslashes_deep(), so we end up with rn.

Change History (4)

#1 @mrmist
17 years ago

Keywords needs-patch added
Version set to 2.8

Confirmed against multiple installations.

#2 @ryan
17 years ago

(In [10604]) Use mysql_real_escape_string() only in prepare(), insert(), and update(). escape() uses addslashes only. Add array support to escape(). see #9189

#3 @ryan
17 years ago

Resolution set to fixed
Status changed from new to closed

#4 @hakre
16 years ago

Keywords add_magic_quotes mysql_real_escape_string needs-patch removed

#1394 - add_slashes() does not escape all database input correctly
#11819 - Use mysql_real_escape_string instead of addslashes

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core