[geeklog-devel] code scrubbing: stripslashes
Oliver Spiesshofer
oliver at spiesshofer.com
Sat Aug 11 15:19:44 EDT 2007
I do not know if there are implications doing this code to lib_common as
proposed... any body else has an opinion on that?
Oliver
Joe Mucchiello wrote:
> I propose a change to lib_common.php. Before everything else:
> -------------------
> // since most installs leave magic quotes off, this is a no-op.
> if (get_magic_quotes_gpc() == 1) {
> $_POST = array_filter($_POST, 'stripslashes');
> $_GET = array_filter($_GET, 'stripslashes');
> $_COOKIE = array_filter($_COOKIE, 'stripslashes');
> $_REQUEST = array_filter($_REQUEST, 'stripslashes');
> }
>
> require_once( '/path/to/geeklog/config.php' );
> -------------------
>
> This makes COM_stripslashes become:
> -------------------
> // DEPRECATED
> function COM_stripslashes($str) { return $str; }
> -------------------
>
> Reducing the number of calls to get_magic_quotes_gpc() from who know
> how many to 1 should also be a slight speed boost.
>
> The hard part is removing all the calls directly to stripslashes().
> The last time I brought this up, it seemed like such an impossible
> thing to go through everything and fix. This way, it doesn't seem so
> hard. There are 140 direct calls to stripslashes in CVS (as of about a
> week ago). That shouldn't be hard to remove. If I write a patch will
> someone apply it?
More information about the geeklog-devel
mailing list