someone tell me if I'm nuts, but isn't stripslashes_deep on $_SERVER a bad thing?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

someone tell me if I'm nuts, but isn't stripslashes_deep on $_SERVER a bad thing?

David Chait
I was trying to test out WP-Cache under WP2[trunk], and I'm on a WAMP setup
here.  Fixed a few problems related to being on windows (using symlink
functions... grrr...) that was killing initial testing the admin panel does.
Then got the panel to show up, everything looking good so far.

BUT THEN, I try to click Enable It, and get an error about not being able to
find a file.  hmmm.

The panel (and posted) URL is something like:
http://localhost/wp20test/wp-admin/options-general.php?page=wp-cache\wp-cache.php

Since the POST is being done to $_SERVER['REQUEST_URI'], which gets
stripped, the POST URL is actually turned into:
http://localhost/wp20test/wp-admin/options-general.php?page=wp-cachewp-cache.php

... which blows the admin panel's ability to do form POSTs.  Now, in theory,
I could make the action="", right?  ("" == current URI, no?).  (I just
switched all the REQUEST_URI's to blanks, that seemed to work for the Enable
button...)

Anyhow, isn't it a bad thing to do stripslashes on potentially
validly-backslashed strings like a windows path?  Should stripslashes be run
at ALL on $_SERVER (my own projects I've only ever done so on
get/post/cookie...)?

(Hey, while I'm asking wacky questions, anyone have an idea why when I click
the Admin : Options : Permalink tab, Apache crashes?  This is Wampserver,
apache 1.3.x, php5...  I >think< rewrites were working in an older WP1.5
build, same box...)

Thanks,

-d

_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: someone tell me if I'm nuts, but isn't stripslashes_deep on $_SERVER a bad thing?

Mark Jaquith
On Feb 17, 2006, at 12:04 AM, David Chait wrote:

> (Hey, while I'm asking wacky questions, anyone have an idea why  
> when I click
> the Admin : Options : Permalink tab, Apache crashes?  This is  
> Wampserver,
> apache 1.3.x, php5...  I >think< rewrites were working in an older  
> WP1.5
> build, same box...)

Because of this bug, likely:
http://trac.wordpress.org/ticket/2367
--
Mark Jaquith
http://txfx.net/


_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Loading...