| Bug #39859 | Documentation: Disabling Magic Quotes Example Flawed | ||||
|---|---|---|---|---|---|
| Submitted: | 17 Dec 2006 8:19pm UTC | Modified: | 17 Aug 2007 11:20am UTC | ||
| From: | niraj6 at yahoo dot com | Assigned to: | |||
| Status: | Wont fix | Category: | Documentation problem | ||
| Version: | Irrelevant | OS: | Windows XP SP2 | ||
| Votes: | 4 | Avg. Score: | 3.0 ± 1.4 | Reproduced: | 3 of 3 (100.0%) |
| Same Version: | 1 (33.3%) | Same OS: | 1 (33.3%) | ||
[17 Aug 2007 11:20am UTC] vrana@php.net
The behavior of keys escaping changed between PHP versions.
Description: ------------ PHP's magic quotes function has the strange behavior of not adding slashes to top level keys in GPC key/value pairs but adding the slashes in deeper level keys. To demonstrate, a URI of: example.php?a'b[c'd]=e'f produces: array("a'b" => array("c\'d" => "e\'f")) The current example for removing magic quotes does not do anything to keys, so after running stripslashes_deep, you would end up with: array("a'b" => array("c\'d" => "e'f")) Which, needless to say, is wrong. As if you had magic quotes off, it would have been: array("a'b" => array("c'd" => "e'f")) I have written a snippet of code compatible with PHP 4.0.0 and above that handles this correctly: if (get_magic_quotes_gpc()) { function undoMagicQuotes($array, $topLevel=true) { $newArray = array(); foreach($array as $key => $value) { if (!$topLevel) { $key = stripslashes($key); } if (is_array($value)) { $newArray[$key] = undoMagicQuotes($value, false); } else { $newArray[$key] = stripslashes($value); } } return $newArray; } $_GET = undoMagicQuotes($_GET); $_POST = undoMagicQuotes($_POST); $_COOKIE = undoMagicQuotes($_COOKIE); $_REQUEST = undoMagicQuotes($_REQUEST); } Perhaps you should replace the example in the manual with my code snippet. Oh and I have left a comment there too for users who visit the page before you guys fix it. So someone could delete that once it's fixed.