Re: stripslashes

Fri, 17 Feb 2006 08:15:22 -0800 

according to this:
http://us2.php.net/manual/en/security.magicquotes.disabling.php

magic_quotes can not be turned off at runtime.

-Charles

Dean Jones wrote:

Ok, we can just use set_magic_quotes(0), I see.  I've never seen the 
get/set_magic_quotes function and just always removed slashes with stripslashes 
in order to keep code protable.  I just think we should take care of it in 
order to stay user friendly and not force people to edit their PHP 
configuration just to use roundcube.  Just my .02.



On Fri, 17 Feb 2006 16:51:31 +0100, Håkan Lindqvist <[EMAIL PROTECTED]> wrote:

No, it doesn't...

It only does this if magic_quotes is on, and having that turned on is
not very sane.

The right thing to do really is to ensure that magic_quotes is always
off in Roundcube's scope.


/Håkan


On fre, 2006-02-17 at 10:38 -0500, Dean Jones wrote:

Unless it's something I don't know about... However, PHP add's slashes

to quote to any POST data.  That's why PHP has a built in function called
stripslashes and addslashes.  You're supposed to run stripslashes on any
POST data that is to be displayed, really... 
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul <[EMAIL PROTECTED]> wrote:

It is the magic_quotes problem, isnt it ?


On 2/17/06, Dean Jones <[EMAIL PROTECTED]> wrote:

Umm...  That's silly.  They're definitely needed.  Try sending an

e-mail

and put quotes around something or use a single quote.  The message

ends

up

like this:

He said \"Hi\"

and

Wouldn\'t you like to know.


Using stripslashes removes those uneccessary escape slashes around

quotes.

It's absolutely needed.



On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist

<[EMAIL PROTECTED]>

wrote:

I don't understand why it should be necessary to use stripslashes

in

the

first place. The slashes shouldn't be there in the first place,

except

in SQL queries.

To me it seems that stripslashes isn't what we're looking for.


/Håkan

On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:

Look like someone forgot to use stripslashes on the subject and

body

of

the

messages...    :)

Is there a standard for checking in patches if you have access to

CVS?

I've

fixed this, but I wanted to check and see what the procedure was

for

checking

in small fixes like this.

Dean

Reply via email to