Magic Quotes. =(

[sathanna]

Here is my problem... I am using WordPress, and I have a Theme called '42 Walls'. This theme allows me to change a bunch of stuff via a menu in the admin area.. one of these options is to add some adverts. I am to copy paste my ad code into a designated area, select yes and save.

However: I do this, check my website and nothing shows. At first I thought it just was not saving properly, but it is actually just adding some slashes in front of the quotes (eg. \" )

After some googling I figured out this was called Magic Quotes.

After some searching on the forums here I found out it seems impossible to turn off Magic Quotes.

I found one thing that may help...Does that stripslashes thing work? =/ Thing is I have no idea where to put it. I can edit the theme's code... so I am thinking I will try and put the stripslashes thingy there...
Though where I think it should go, all it talks about is arrays... which are just text, right? So I must not be looking in the right place.

I don't know what to do to get the Magic Quotes thing to stop! If you have any advice on what might be a good thing to look for to put the stripslashes in, or if there is another way of doing it... please help?


Thanks!


EDIT::

Actually, I think I found where it might work...

case 'advert':
?>

<div style="width:704px; padding:0px 0px 10px; margin:0px 0px 10px;"><span style="font-family:Arial, sans-serif; font-size:16px;color:#444; display:block; padding:5px 0px;">
<?php echo $value['name']; ?></span>
<textarea name="<?php echo $value['id']; ?>" id="<?php echo $value['id']; ?>" cols="80" rows="3"><?php if ( get_option( $value['id'] ) !== FALSE) { echo format_to_edit(get_option( $value['id'] )); } else { echo format_to_edit($value['std']); } ?></textarea>
<span style="font-family:Arial, sans-serif; font-size:12px; color:#444; display:block; padding:5px 0px;">
<?php echo $value['desc']; ?>
</span>
</div>
<?php
break;

Still no idea where I would put it or if this is even the right place. >_<;

 

[garrettroyce]

Magic quotes only affects user inputs from GET and POST (the URL and form data). It will not take the value of a variable and quote it. The code above doesn't include either of those superglobal variables, so you need to find out where $value['std'] is being assigned a value.

Luckily, magic_quotes_gpc is deprecated as of PHP 5.3, so when X10 upgrades, it should go away.

 

[sathanna]

Okay, I will look and see if I can find anything with that $value thingy. Thank you.

Any idea when x10 is going to upgrade? ^.^;

 

[garrettroyce]

Okay, I will look and see if I can find anything with that $value thingy. Thank you.

Any idea when x10 is going to upgrade? ^.^;

Not soon. I already spoke to Corey about this. PHP 5.3 will break a lot of software built for PHP 5.2 that isn't ready for the upgrade.

 

[sathanna]

Oh well, guess I'll just have to fiddle around some more...

Okay anyway, so I've had a look... and I have found this and a few other similar things:

<input style="width:100px;" name="<?php echo $value['id']; ?>" id="<?php echo $value['id']; ?>" type="<?php echo $value['type']; ?>" value="<?php if ( get_settings( $value['id'] ) != "") { echo stripslashes(get_settings( $value['id'] )); } else { echo stripslashes($value['std']); }

So the stripslashes thing is already being used... but I guess it is just not working? Or it is just not on the right area I guess... am I even close to looking for the right thing?

I am tempted to post up the content of my whole themefunctions.php and maybe someone could spot where I could put it, because it is the only logical place it could be in. But I guess I'll just keep trying to figure it out.

 

[garrettroyce]

Try posting in programming help. There are many people there who may already be familiar with the solution.

http://forums.x10hosting.com/programming-help

 

[galaxyAbstractor]

Magic quotes only affects user inputs from GET and POST (the URL and form data). It will not take the value of a variable and quote it. The code above doesn't include either of those superglobal variables, so you need to find out where $value['std'] is being assigned a value.

Luckily, magic_quotes_gpc is deprecated as of PHP 5.3, so when X10 upgrades, it should go away.

Thing is, he is telling he uses a POST field in the wp admin to add the code, here is where the slashes may be added.

Either, you would have to put the ad-code manually now, or find a way around (stripslashes() on the echo might work)

 

[garrettroyce]

Thing is, he is telling he uses a POST field in the wp admin to add the code, here is where the slashes may be added.

Either, you would have to put the ad-code manually now, or find a way around (stripslashes() on the echo might work)

I see, you're right. I haven't used Wordpress, so I thought something else was happening.

 

[sathanna]

Thing is, he is telling he uses a POST field in the wp admin to add the code, here is where the slashes may be added.

Either, you would have to put the ad-code manually now, or find a way around (stripslashes() on the echo might work)

Thank you for helping. I have actually managed to stop the slashes from showing up! I did this by pretty much adding stipslashes to every echo I could see in the advert area. xD

case 'advert':
?>

<div style="width:704px; padding:0px 0px 10px; margin:0px 0px 10px;"><span style="font-family:Arial, sans-serif; font-size:16px;color:#444; display:block; padding:5px 0px;">
<?php echo stripslashes ( $value['name'] ); ?></span>
<textarea name="<?php echo stripslashes ( $value['id'] ); ?>" id="<?php echo stripslashes ( $value['id'] ); ?>" cols="80" rows="3"><?php if ( get_option( $value['id'] ) !== FALSE) { echo stripslashes ( format_to_edit(get_option( $value['id'] ) )); } else { echo stripslashes ( format_to_edit ($value['std']) ); } ?></textarea>
    <span style="font-family:Arial, sans-serif; font-size:12px; color:#444; display:block; padding:5px 0px;">
        <?php echo stripslashes ( $value['desc'] ); ?>
    </span>
</div>
<?php
break;

However, it only works for the menu area, when I actually visit the website and look at the source code, the slashes are still there (no advertisement shows up). =(

Any idea on how where to go from here? :dunno:

I'd like to avoid trying to figure out where the heck to put the advert code manually. I feel like I'm closer to this answer than that one!

 

[garrettroyce]

I believe Viggie_swe was saying when the code is input, then the slashes are added, which is easier than adding a stripslashes to every output. Also, be aware that what you are doing now will change how your code works with magic quotes is disabled!

Consider this:

this is your input: "\\example_windows_path_to\networked_resource"
magic quotes: "\\\\example_windows_path_to\\networked_resource"
stripslashes: "\\example_windows_path_to\networked_resource"

now, magic quotes is off:
this is your input: "\\example_windows_path_to\networked_resource"
no magic quotes!: "\\example_windows_path_to\networked_resource"
stripslashes: "\example_windows_path_tonetworked_resource"

What you need to do for every output effected is:

get_magic_quotes_gpc() == 0 ? echo $var : echo stripslashes($var)

or for every input effected is:

$var = get_magic_quotes_gpc() == 0 ? $_POST['var'] : stripslashes($_POST['var'])

Otherwise you have to redo your code when magic quotes is fixed (removed :biggrin

 

[misson]

It might be worse than you think. Alex Choo states back in 2007 that WordPress escapes quotes even when magic quotes is turned off. The offending lines are in wp-settings.php, though editing this file is a brittle solution. If you ever upgrade WordPress, it's easy to forget that you customized this file. The theme is the correct place to fix the offending behavior--though it might be a trick to find where in the theme to edit.

 

[sathanna]

I believe Viggie_swe was saying when the code is input, then the slashes are added, which is easier than adding a stripslashes to every output. Also, be aware that what you are doing now will change how your code works with magic quotes is disabled!

Consider this:

this is your input: "\\example_windows_path_to\networked_resource"
magic quotes: "\\\\example_windows_path_to\\networked_resource"
stripslashes: "\\example_windows_path_to\networked_resource"

now, magic quotes is off:
this is your input: "\\example_windows_path_to\networked_resource"
no magic quotes!: "\\example_windows_path_to\networked_resource"
stripslashes: "\example_windows_path_tonetworked_resource"

What you need to do for every output effected is:

get_magic_quotes_gpc() == 0 ? echo $var : echo stripslashes($var)

or for every input effected is:

$var = get_magic_quotes_gpc() == 0 ? $_POST['var'] : stripslashes($_POST['var'])

Otherwise you have to redo your code when magic quotes is fixed (removed :biggrin

Oh... well, now I am just confused. x_x I am not sure exactly how to put them in. It was hard enough figuring out where to put just the stripslashes thing so it wouldn't cause an error. I guess I'll fiddle around with it a bit and see if I can figure it out.


misson, thanks for telling, I didn't think wordpress was the problem too! no wonder the theme itself was using stripslashes commands and such already.

Is it possible that both with both wordpress AND x10 using magic quotes, that it is somehow making it worse? x_x

*sigh* php is difficult.

 

[misson]

Is it possible that both with both wordpress AND x10 using magic quotes, that it is somehow making it worse?

According to the article, WordPress calls stripslashes if magic_quotes_gpc is set, then adds slashes. It's not worse per se, since there's only one round of quote escaping but there are two systems you'd need to change to prevent escaping quotes. If you alter the theme to remove slashes, then it doesn't matter where they were added in the first place.