[geeklog-devel] code scrubbing: stripslashes

[Oliver Spiesshofer]

I do not know if there are implications doing this code to lib_common as 
proposed... any body else has an opinion on that?

Oliver

Joe Mucchiello wrote:

> I propose a change to lib_common.php. Before everything else:

> -------------------

> // since most installs leave magic quotes off, this is a no-op.

> if (get_magic_quotes_gpc() == 1) {

>     $_POST = array_filter($_POST, 'stripslashes');

>     $_GET = array_filter($_GET, 'stripslashes');

>     $_COOKIE = array_filter($_COOKIE, 'stripslashes');

>     $_REQUEST = array_filter($_REQUEST, 'stripslashes');

> }

>

> require_once( '/path/to/geeklog/config.php' );

> -------------------

>

> This makes COM_stripslashes become:

> -------------------

> // DEPRECATED

> function COM_stripslashes($str) { return $str; }

> -------------------

>

> Reducing the number of calls to get_magic_quotes_gpc() from who know 

> how many to 1 should also be a slight speed boost.

>

> The hard part is removing all the calls directly to stripslashes(). 

> The last time I brought this up, it seemed like such an impossible 

> thing to go through everything and fix. This way, it doesn't seem so 

> hard. There are 140 direct calls to stripslashes in CVS (as of about a 

> week ago). That shouldn't be hard to remove. If I write a patch will 

> someone apply it?