Opened 16 years ago
Closed 16 years ago
#9822 closed defect (bug) (fixed)
Quick Edit loses \ in the post content
Reported by: | hailin | Owned by: | ryan |
---|---|---|---|
Milestone: | 2.8 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Quick/Bulk Edit | Keywords: | |
Focuses: | Cc: |
Description
If a post contains \, Quick Edit it, such as changing the category, then click "Update Post". The \ is lost.
The root cause is that $post is read from the db, and the post insertion and save logic assumes magic_quotes are already added.
The fix is dd_magic_quotes($post);
Attachments (1)
Change History (12)
#3
@
16 years ago
I think the underlying reason is that
we always assume PHP directive magic_quotes_gpc is on, since it's on by default.
Therefore, for any piece of post data, the outer layer of insertion functions strips off \ to produce the 'clean' data.
Then in several cases (#9199 and this case, and perhaps #9727), data is actually read from db, so it is already clean. In order to make the above logic work, we need to arbitrarily add \
In my opinion, PHP magic_quotes_gpc is the root of these types of troubles :)
#4
@
16 years ago
oh, it's much worse, actually. we strip magic quotes when on, and then wpdb->escapre POST, GET, COOKIE, etc. :D
#5
@
16 years ago
Also in that function,
update the post
$_POST = $data;
seems redundant, because $data = &$_POST; assignment before.
#6
@
16 years ago
$wpdb->prepare seems to addslashes to vars.
So it seems when we call $wpdb->prepare, we need to "stripslashes" vars first, if the var is from usr input, say $_GETkey?
Seems this convention is not followed. Correct me if I'm wrong.
#7
@
16 years ago
there might be an area here and there where things don't occur as they should, yeah.
probably the same as #9727