Well, I partially agree. :-)
The problem is that if one assumes that magic_quotes is on, and adds stripslashes calls as necessary in that environment, then the application will fail to work properly in environments where magic_quotes is off!
So you really have to decide what you want to support, or make a more sophisticated solution.
Most important is to be consistent. I would prefer magic_quotes off.
/Håkan
On fre, 2006-02-17 at 10:46 -0500, Dean Jones wrote:
Hmm... Magic_quotes or not, I've always read that using stripslashes is a good way to keep code portable and usable. I see that rouncube already uses stripslashes on a lot of things, but neglects to use it here. In previous versions of roundcube, this problem did not exist. Now it does. I think that's incorrect. On all of the PHP tools I have written in the past, people have always come back and complained that they were getting slashes on words (where I forgot to add stripslashes).
I always consider that you can't assume people will always have the same environment you will and you should write code to handle circumstances that you can handle to make things cross-platform. Adding two simple lines of stripslashes() isn't going to clutter the code anymore than it is now.
On Fri, 17 Feb 2006 16:49:40 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear in the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail
and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean