Undo magic_quotes_gpc settings for the user

[chugadie]

If magic quotes is on, RC can easily remove the quotes and not burden the user with extra configuration settings.

         if (get_magic_quotes_gpc() ) {
                        $stripquotes = create_function('&$data, $self',
                        'if (is_array($data)) foreach ($data as $k=>$v) $self($data[$k], $self); '.
                        'else $data = stripslashes($data);');
                        $stripquotes($_POST,$stripquotes);
                        $stripquotes($_GET,$stripquotes);
                        $stripquotes($_COOKIE,$stripquotes);
                }

[thomasb]

Altering superglobals is not a good solution.

[alec]

There's stripslashes call in get_input_value() also magic_quotes is set in iniset.php. I don't see any sense in proposed solution other than removing magic_quotes check from installer. Decide before 0.2-stable release.

[thomasb]

One needs to verify if the current mechanism of get_input_value() works with magic_quotes enabled in php.ini.

[alec]

I've made some tests and everything looks good. Also I've found that we should handle magic_quotes_sybase in get_input_value():

  // strip single quotes if magic_quotes_sybase is enabled
  if (ini_get('magic_quotes_sybase'))
    $value = str_replace("''", "'", $value);
  // strip slashes if magic_quotes_gpc is enabled
  else if (get_magic_quotes_gpc())
    $value = stripslashes($value);

... and then we could remove from installer checks for those options.

[alec]

About *_sybase, there are places where addslashes() is used and they need care. E.g. rep_specialchars_output().

[thomasb]

Fixed in [6e47c0be]