[geeklog-devel] code scrubbing: stripslashes

Oliver Spiesshofer oliver at spiesshofer.com
Sat Aug 11 15:19:44 EDT 2007


I do not know if there are implications doing this code to lib_common as 
proposed... any body else has an opinion on that?

Oliver

Joe Mucchiello wrote:
> I propose a change to lib_common.php. Before everything else:
> -------------------
> // since most installs leave magic quotes off, this is a no-op.
> if (get_magic_quotes_gpc() == 1) {
>     $_POST = array_filter($_POST, 'stripslashes');
>     $_GET = array_filter($_GET, 'stripslashes');
>     $_COOKIE = array_filter($_COOKIE, 'stripslashes');
>     $_REQUEST = array_filter($_REQUEST, 'stripslashes');
> }
>
> require_once( '/path/to/geeklog/config.php' );
> -------------------
>
> This makes COM_stripslashes become:
> -------------------
> // DEPRECATED
> function COM_stripslashes($str) { return $str; }
> -------------------
>
> Reducing the number of calls to get_magic_quotes_gpc() from who know 
> how many to 1 should also be a slight speed boost.
>
> The hard part is removing all the calls directly to stripslashes(). 
> The last time I brought this up, it seemed like such an impossible 
> thing to go through everything and fix. This way, it doesn't seem so 
> hard. There are 140 direct calls to stripslashes in CVS (as of about a 
> week ago). That shouldn't be hard to remove. If I write a patch will 
> someone apply it?




More information about the geeklog-devel mailing list