|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-08-01 15:43 UTC] Arne dot Heizmann at csr dot com
Description:
------------
The following code:
ini_set ('magic_quotes_gpc') = 'Off';
does not have any effect. This is devastatingly bad for people who want to run their scripts on a server where they don't have access to php.ini.
I propose that a call to ini_set that changes the value of 'magic_quotes_gpc' should trigger a re-parsing of the input values (get, post, cookies) and re-fill the superglobal arrays with the new setting in mind.
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Mon Dec 30 14:01:28 2024 UTC |
Reparsing the input data on an ini change would be a large change to the way PHP does things. And doing this from user space is a one-liner, so I don't really see the need. eg. $_POST = array_map('stripslashes',$_POST); Or you can call parse_str() yourself after setting magic_quotes_gpc.> Reparsing the input data on an ini change would be a large > change to the way PHP does things. That isn't an argument not to do it because the current behaviour is a major problem. > And doing this from user space is a one-liner, so > I don't really see the need. > $_POST = array_map('stripslashes',$_POST); It's not a one-liner because you've forgotten to check if magic_quotes might already be turned Off in which case you must not call stripslashes. But even if it *was* a one-liner, it would be quite stupid to have to add this line to the beginning of all PHP scripts in the world that are supposed to work on more than just one server.