使用“魔术报价”禁用，为什么PHP / Wordpress继续自动转义我的POST数据？ [英] With "magic quotes" disabled, why does PHP/Wordpress continue to auto-escape my POST data?

问题描述

get_magic_quotes_gpc（）报告0.我重复一遍，魔术报价关闭魔术报价在 php.ini （不在运行时）被禁用。

然而，所有POST数据包括单引号（'）在PHP访问时被转义。可能导致这种情况？

谢谢。

---

编辑：
对于好奇，这是我们phpinfo的截图：
http://img843.imageshack.us/img843/6959/screenshot20120120at552.png

---

编辑：在准备测试用例时，我发现了问题的一般起因。我们正在引导Wordpress，因为我们的应用程序与WP Multisite安装集成。禁用Wordpress自举功能时，禁用自动转义功能。有谁知道Wordpress的自动转义代码可能位于哪里？

解决方案

我想我发现了。问题（错误）： http://core.trac.wordpress.org/ticket/18322

解决方案： http://codex.wordpress.org/Function_Reference/stripslashes_deep

  $ _GET = array_map（'stripslashes_deep'，$ _GET）; 
 $ _POST = array_map（'stripslashes_deep'，$ _POST）; 
 $ _COOKIE = array_map（'stripslashes_deep'，$ _COOKIE）; 
 $ _SERVER = array_map（'stripslashes_deep'，$ _SERVER）; 
 $ _REQUEST = array_map（'stripslashes_deep'，$ _REQUEST）; 
  

---

注意：根据@Alexandar O'Mara的建议你可能想重新考虑覆盖这样的超级桌面。例如，如果适用于您的情况，则可以使用 $ post = array_map（'stripslashes_deep'，$ _POST）;

>

另请参阅@ quickshiftin的出色答案。

It's a simple question with a strangely elusive answer.

get_magic_quotes_gpc() reports 0. I repeat, magic quotes are off. Magic quotes appear to have been disabled in php.ini (not at runtime).

Nevertheless, all POST data including single quotes (') is escaped when accessed in PHP. What could be causing this?

Thank you.

---

Edit: For the curious, this is a screenshot of our phpinfo: http://img843.imageshack.us/img843/6959/screenshot20120120at552.png

---

Edit: While preparing a test case, I discovered the general origin of the problem. We're bootstrapping Wordpress as our app integrates with a WP Multisite installation. When I disable the Wordpress bootstrapping, the auto-escaping is disabled. Does anyone know where Wordpress' auto-escape code may be located?

解决方案

I think I found it. Problem (bug): http://core.trac.wordpress.org/ticket/18322

Solution: http://codex.wordpress.org/Function_Reference/stripslashes_deep

    $_GET       = array_map('stripslashes_deep', $_GET);
    $_POST      = array_map('stripslashes_deep', $_POST);
    $_COOKIE    = array_map('stripslashes_deep', $_COOKIE);
    $_SERVER    = array_map('stripslashes_deep', $_SERVER);
    $_REQUEST   = array_map('stripslashes_deep', $_REQUEST);

---

Note: As suggested by @Alexandar O'Mara, you might want to reconsider overwriting the superglobals like this. If it's appropriate for your situation, for example, you might just "strip locally" using an alternative like $post = array_map('stripslashes_deep', $_POST);

Also see @quickshiftin's excellent answer.

这篇关于使用“魔术报价”禁用，为什么PHP / Wordpress继续自动转义我的POST数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！