Let's finally remove magic quotes from Vanilla!

mtschirs ✭✭✭
edited August 2015 in Vanilla 2.0 - 2.8

Browsing through the core library, I found some crude ways of dealing with PHP's magic quotes.

E.g. Gdn_Form uses stripcslashes instead of stripslashes to deal with magic quotes in form values. Also, it only does this if the form name has a prefix identical to the form's associated table name AND only if the default InputPrefix of the form had been manually changed AND only if those values are found on the first or second nesting level of the $_REQUEST array. In all other cases, it does not strip slashes added by magic quotes.

The PHP manual says: "This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0." Since Vanilla 2.2 requires PHP 5.3, I would say: let's remove all this faulty and error-prone code from the Vanilla codebase!

What do you think?
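The difference between the two functions named in the post, as an added example that is not part of the original post and is not Vanilla's code. It assumes `addslashes()` as a stand-in for magic quotes (which escaped the same four characters); the helper `unquote_deep` and all sample values are constructed for illustration.

```php
<?php
// Added example, not Vanilla code. addslashes() stands in for magic_quotes_gpc,
// which escaped ', ", \ and NUL the same way before PHP 5.4 removed it.

// Hypothetical helper: apply a (un)quoting function at every nesting level.
function unquote_deep($value, callable $strip)
{
    return is_array($value)
        ? array_map(function ($v) use ($strip) { return unquote_deep($v, $strip); }, $value)
        : $strip($value);
}

// Constructed sample request, including a value nested three levels deep.
$original = [
    'Name'    => "O'Reilly",
    'Path'    => 'C:\\new\\table',
    'Binary'  => "id\x00" . '41',   // NUL byte followed by digits
    'Comment' => ['Meta' => ['Body' => 'say "hi"']],
];

// What PHP < 5.4 with magic quotes enabled would hand to the application.
$quoted = unquote_deep($original, 'addslashes');

// Round-trip check: does each function restore the original value?
foreach (['stripslashes', 'stripcslashes'] as $fn) {
    $restored = unquote_deep($quoted, $fn);
    foreach ($original as $key => $want) {
        $ok = ($restored[$key] === $want) ? 'ok' : 'CORRUPTED';
        printf("%-14s %-8s %s\n", $fn, $key, $ok);
    }
}

// Magic quotes off (PHP 5.4+): the request is already raw, so any stripping
// applied anyway rewrites it. stripcslashes() additionally decodes C escapes.
$raw = 'regex \\d+ and \\x41';
printf("raw           %s\n", $raw);
printf("stripslashes  %s\n", stripslashes($raw));
printf("stripcslashes %s\n", stripcslashes($raw));
```

`stripslashes` is the exact inverse of the quoting step, while `stripcslashes` also interprets octal, hex and control escapes, so it changes values that magic quotes never touched in that way.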
