Look like someone forgot to use stripslashes on the subject and body of the messages... :)
Is there a standard for checking in patches if you have access to CVS? I've fixed this, but I wanted to check and see what the procedure was for checking in small fixes like this.
Dean
I don't understand why it should be necessary to use stripslashes in the first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body of the messages... :)
Is there a standard for checking in patches if you have access to CVS? I've fixed this, but I wanted to check and see what the procedure was for checking in small fixes like this.
Dean
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in the first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body of
the
messages... :)
Is there a standard for checking in patches if you have access to CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in the first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body of
the
messages... :)
Is there a standard for checking in patches if you have access to CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
Unless it's something I don't know about... However, PHP add's slashes to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear in the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in the first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body of
the
messages... :)
Is there a standard for checking in patches if you have access to CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
No, it doesn't...
It only does this if magic_quotes is on, and having that turned on is not very sane.
The right thing to do really is to ensure that magic_quotes is always off in Roundcube's scope.
/Håkan
On fre, 2006-02-17 at 10:38 -0500, Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
Hmm... Magic_quotes or not, I've always read that using stripslashes is a good way to keep code portable and usable. I see that rouncube already uses stripslashes on a lot of things, but neglects to use it here. In previous versions of roundcube, this problem did not exist. Now it does. I think that's incorrect. On all of the PHP tools I have written in the past, people have always come back and complained that they were getting slashes on words (where I forgot to add stripslashes).
I always consider that you can't assume people will always have the same environment you will and you should write code to handle circumstances that you can handle to make things cross-platform. Adding two simple lines of stripslashes() isn't going to clutter the code anymore than it is now.
On Fri, 17 Feb 2006 16:49:40 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear in the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail
and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
Ok, we can just use set_magic_quotes(0), I see. I've never seen the get/set_magic_quotes function and just always removed slashes with stripslashes in order to keep code protable. I just think we should take care of it in order to stay user friendly and not force people to edit their PHP configuration just to use roundcube. Just my .02.
On Fri, 17 Feb 2006 16:51:31 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
No, it doesn't...
It only does this if magic_quotes is on, and having that turned on is not very sane.
The right thing to do really is to ensure that magic_quotes is always off in Roundcube's scope.
/Håkan
On fre, 2006-02-17 at 10:38 -0500, Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes
to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes
in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and
body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was
for
checking
in small fixes like this.
Dean
Yup, what Mykeul said. PHP doesn't add slashes to *any* POST data, it adds it to any post data *if and only if* the magi_quotes_gpc settings is present and flagged to true. Therefore, I suggest code at the top of the program (probably in main.inc?) that runs through the POST and GET variables and strips slashes only if magic_quotes is turned on. Alternatively, we could add slashes if magic_quotes is not turned on and then strip them at output.
There are several examples of code that do just that here:
http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
Well, I partially agree. :-)
The problem is that if one assumes that magic_quotes is on, and adds stripslashes calls as necessary in that environment, then the application will fail to work properly in environments where magic_quotes is off!
So you really have to decide what you want to support, or make a more sophisticated solution.
Most important is to be consistent. I would prefer magic_quotes off.
/Håkan
On fre, 2006-02-17 at 10:46 -0500, Dean Jones wrote:
Hmm... Magic_quotes or not, I've always read that using stripslashes is a good way to keep code portable and usable. I see that rouncube already uses stripslashes on a lot of things, but neglects to use it here. In previous versions of roundcube, this problem did not exist. Now it does. I think that's incorrect. On all of the PHP tools I have written in the past, people have always come back and complained that they were getting slashes on words (where I forgot to add stripslashes).
I always consider that you can't assume people will always have the same environment you will and you should write code to handle circumstances that you can handle to make things cross-platform. Adding two simple lines of stripslashes() isn't going to clutter the code anymore than it is now.
On Fri, 17 Feb 2006 16:49:40 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear in the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail
and put quotes around something or use a single quote. The message ends up like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
That's fine. I understand. Can we just use set_magic_quotes(0); then?
On Fri, 17 Feb 2006 17:04:42 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
Well, I partially agree. :-)
The problem is that if one assumes that magic_quotes is on, and adds stripslashes calls as necessary in that environment, then the application will fail to work properly in environments where magic_quotes is off!
So you really have to decide what you want to support, or make a more sophisticated solution.
Most important is to be consistent. I would prefer magic_quotes off.
/Håkan
On fre, 2006-02-17 at 10:46 -0500, Dean Jones wrote:
Hmm... Magic_quotes or not, I've always read that using stripslashes is
a good way to keep code portable and usable. I see that rouncube already uses stripslashes on a lot of things, but neglects to use it here. In previous versions of roundcube, this problem did not exist. Now it does. I think that's incorrect. On all of the PHP tools I have written in the past, people have always come back and complained that they were getting slashes on words (where I forgot to add stripslashes).
I always consider that you can't assume people will always have the same
environment you will and you should write code to handle circumstances that you can handle to make things cross-platform. Adding two simple lines of stripslashes() isn't going to clutter the code anymore than it is now.
On Fri, 17 Feb 2006 16:49:40 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
It is not silly, but I think you missed the point.
I absolutely do not disagree that people are sending "broken" emails around (where " has been escaped to ").
My point is that with a correctly set up PHP environment and provided that the Roundcube code is reasonable, the slashes should NOT appear
in
the first place and thus stripslashes is not necessary.
If it does appear, you should check that your PHP environment is sane (magic_quotes in particular should be off), otherwise something is broken in Roundcube, and then that should be fixed.
Adding random stripslashes calls just makes a mess of things.
/Håkan
On fre, 2006-02-17 at 10:21 -0500, Dean Jones wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes
in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and
body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was
for
checking
in small fixes like this.
Dean
Håkan Lindqvist wrote:
No, it doesn't...
It only does this if magic_quotes is on, and having that turned on is not very sane.
The right thing to do really is to ensure that magic_quotes is always off in Roundcube's scope.
Agreed, but as has been discussed, it's just not possible. We can't assume that people have access to change the setting. Not all administrators allow .htaccess. Roundcube must allow for magic_quotes to be turned on.
-Charles
according to this: http://us2.php.net/manual/en/security.magicquotes.disabling.php
magic_quotes can not be turned off at runtime.
-Charles
Dean Jones wrote:
Ok, we can just use set_magic_quotes(0), I see. I've never seen the get/set_magic_quotes function and just always removed slashes with stripslashes in order to keep code protable. I just think we should take care of it in order to stay user friendly and not force people to edit their PHP configuration just to use roundcube. Just my .02.
On Fri, 17 Feb 2006 16:51:31 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
No, it doesn't...
It only does this if magic_quotes is on, and having that turned on is not very sane.
The right thing to do really is to ensure that magic_quotes is always off in Roundcube's scope.
/Håkan
On fre, 2006-02-17 at 10:38 -0500, Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes
to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes
in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote: > Look like someone forgot to use stripslashes on the subject and
body
of
the > messages... :) > > Is there a standard for checking in patches if you have access to
CVS?
I've > fixed this, but I wanted to check and see what the procedure was
for
checking > in small fixes like this. > > Dean > > >
Ahh... I thought that's what set_magic_quotes_runtime() did. I see now it's gpc and it can't be set at runtime. Excellent. :)
On Fri, 17 Feb 2006 10:03:29 -0600, Charles McNulty charles@charlesmcnulty.com wrote:
Yup, what Mykeul said. PHP doesn't add slashes to *any* POST data, it adds it to any post data *if and only if* the magi_quotes_gpc settings is present and flagged to true. Therefore, I suggest code at the top of the program (probably in main.inc?) that runs through the POST and GET variables and strips slashes only if magic_quotes is turned on. Alternatively, we could add slashes if magic_quotes is not turned on and then strip them at output.
There are several examples of code that do just that here:
http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes
to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
if (get_magic_quotes_gpc()) { array_walk_recursive($_POST, 'stripslashes'); }
That seems to be a reasonable solution...
On Fri, 17 Feb 2006 10:03:29 -0600, Charles McNulty charles@charlesmcnulty.com wrote:
Yup, what Mykeul said. PHP doesn't add slashes to *any* POST data, it adds it to any post data *if and only if* the magi_quotes_gpc settings is present and flagged to true. Therefore, I suggest code at the top of the program (probably in main.inc?) that runs through the POST and GET variables and strips slashes only if magic_quotes is turned on. Alternatively, we could add slashes if magic_quotes is not turned on and then strip them at output.
There are several examples of code that do just that here:
http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes
to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an
and put quotes around something or use a single quote. The message
ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place,
except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
On Fri, 17 Feb 2006 10:21:20 -0500, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends up like this:
Interesting, I didn't think the problem was on my end, but it was (I suppose something changed in RC a few weeks back, and my server then showed symtoms?) So in php.ini I've turned them OFF for every magic_quotes_*
; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ;magic_quotes_gpc = On
P
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist lindqvist@netstar.se wrote:
I don't understand why it should be necessary to use stripslashes in the first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body of
the
messages... :)
Is there a standard for checking in patches if you have access to CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
-
Charles McNulty -
Dean Jones -
Håkan Lindqvist -
Mykeul -
phil