Created
August 21, 2010 12:10
-
-
Save timwhitlock/542222 to your computer and use it in GitHub Desktop.
The most evil PHP function in the World (courtesy of Wordpress)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Add magic quotes to $_GET, $_POST, $_COOKIE, and $_SERVER. | |
| * | |
| * Also forces $_REQUEST to be $_GET + $_POST. If $_SERVER, $_COOKIE, | |
| * or $_ENV are needed, use those superglobals directly. | |
| * | |
| * @access private | |
| * @since 3.0.0 | |
| */ | |
| function wp_magic_quotes() { | |
| // If already slashed, strip. | |
| if ( get_magic_quotes_gpc() ) { | |
| $_GET = stripslashes_deep( $_GET ); | |
| $_POST = stripslashes_deep( $_POST ); | |
| $_COOKIE = stripslashes_deep( $_COOKIE ); | |
| } | |
| // Escape with wpdb. | |
| $_GET = add_magic_quotes( $_GET ); | |
| $_POST = add_magic_quotes( $_POST ); | |
| $_COOKIE = add_magic_quotes( $_COOKIE ); | |
| $_SERVER = add_magic_quotes( $_SERVER ); | |
| // Force REQUEST to be GET + POST. | |
| $_REQUEST = array_merge( $_GET, $_POST ); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment