PHP :: Bug #44876 :: stripslashes() removes backslashes in wrong cases

Bug #44876

stripslashes() removes backslashes in wrong cases

Submitted:

2008-04-30 21:16 UTC

Modified:

2008-05-02 21:52 UTC

Votes:	6
Avg. Score:	4.0 ± 0.8
Reproduced:	6 of 6 (100.0%)
Same Version:	5 (83.3%)
Same OS:	4 (66.7%)

From:

c dot onogol at gmail dot com

Assigned:

Status:

Wont fix

Package:

Scripting Engine problem

PHP Version:

5.2.5

OS:

Windows NT

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	c dot onogol at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2008-04-30 21:16 UTC] c dot onogol at gmail dot com

Description:
------------
stripslashes is supposed to remove backslashes added by addslashes():
from the doc:
   stripslashes ? Un-quote string quoted with addslashes()
   addslashes ? Quote string with slashes


stripslashes return values from the documentation:
Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\).

The problem is that it removes single backslashes that are not escaping any quotes/slashes.
For example, "this one \ that one" should stay the same after running stripslashes(), but it actually is stripping the backslash, so the end result of stripslashes("this one \ that one") is "this one that one".

the backslash in "this one \ that one" is part of the original text and is not a backslash addslashes() would add.










Reproduce code:
---------------
<?
$str = "this one \ should stay. it\'s a \"test\"";
$str = stripslashes($str);
var_dump($str);
?>

Expected result:
----------------
string(37) "this one \ should stay. it's a "test""

Actual result:
--------------
string(36) "this one should stay. it's a "test""

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-05-02 20:32 UTC] fa@php.net

This is expected behaviour and has always been this way.

[2008-05-02 21:52 UTC] c dot onogol at gmail dot com

According to the documentation, stripslashes() un-quotes strings quoted with addslashes().
The slash in the example would have never been added by addslashes() and is not escaping any quotes or backslashes.


If this is the expected behavior, then one could say the documentation is inaccurate and misleading.

Under return values it even says:
"Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\)."

I think the expected behavior one gets from the documentation differs from the actual behavior of the function. Something along the lines of "strips all backslashes" would be more accurate if the expected behavior is the one you describe


Thanks

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 18:01:28 2024 UTC