That's fine. I understand. Can we just use set_magic_quotes(0); then?
On Fri, 17 Feb 2006 17:04:42 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
Well, I partially agree. :-)
The problem is that if one assumes that magic_quotes is on, and adds stripslashes calls as necessary in that environment, then the application will fail to work properly in environments where magic_quotes is off!
So you really have to decide what you want to support, or make a more sophisticated solution.
Most important is to be consistent. I would prefer magic_quotes off.
/Håkan
On fre, 2006-02-17 at 10:46 -0500, Dean Jones wrote:
Hmm... Magic_quotes or not, I've always read that using stripslashes is
a good way to keep code portable and usable. I see that rouncube already uses stripslashes on a lot of things, but neglects to use it here. In previous versions of roundcube, this problem did not exist. Now it does. I think that's incorrect. On all of the PHP tools I have written in the past, people have always come back and complained that they were getting slashes on words (where I forgot to add stripslashes).
I always consider that you can't assume people will always have the same
environment you will and you should write code to handle circumstances that you can handle to make things cross-platform. Adding two simple lines of stripslashes() isn't going to clutter the code anymore than it is now.
On Fri, 17 Feb 2006 16:49:40 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear
in
the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes
in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and
body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was
for
checking
in small fixes like this.
Dean