|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2007-08-17 11:20 UTC] vrana@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Nov 19 17:00:01 2025 UTC |
Description: ------------ PHP's magic quotes function has the strange behavior of not adding slashes to top level keys in GPC key/value pairs but adding the slashes in deeper level keys. To demonstrate, a URI of: example.php?a'b[c'd]=e'f produces: array("a'b" => array("c\'d" => "e\'f")) The current example for removing magic quotes does not do anything to keys, so after running stripslashes_deep, you would end up with: array("a'b" => array("c\'d" => "e'f")) Which, needless to say, is wrong. As if you had magic quotes off, it would have been: array("a'b" => array("c'd" => "e'f")) I have written a snippet of code compatible with PHP 4.0.0 and above that handles this correctly: if (get_magic_quotes_gpc()) { function undoMagicQuotes($array, $topLevel=true) { $newArray = array(); foreach($array as $key => $value) { if (!$topLevel) { $key = stripslashes($key); } if (is_array($value)) { $newArray[$key] = undoMagicQuotes($value, false); } else { $newArray[$key] = stripslashes($value); } } return $newArray; } $_GET = undoMagicQuotes($_GET); $_POST = undoMagicQuotes($_POST); $_COOKIE = undoMagicQuotes($_COOKIE); $_REQUEST = undoMagicQuotes($_REQUEST); } Perhaps you should replace the example in the manual with my code snippet. Oh and I have left a comment there too for users who visit the page before you guys fix it. So someone could delete that once it's fixed.