admin管理员组文章数量:1391960
I have a custom front end form which creates a custom post type post and have just discovered WordPress automatically escapes $_POST data in the same way that Magic Quotes does.
I have Magic Quotes disabled and have created a test form that I run on the same domain. When run on it's own, no data is escaped. However when I run it as a page template for a WordPress page the raw $_POST data is escaped, i.e. using print_r($_POST) so before there has been any processing done.
I have also tried this with multiple themes and the same result.
Anyone know where / how to shut this off? Is there a filter I can suppress for this form?
Cheers.
I have a custom front end form which creates a custom post type post and have just discovered WordPress automatically escapes $_POST data in the same way that Magic Quotes does.
I have Magic Quotes disabled and have created a test form that I run on the same domain. When run on it's own, no data is escaped. However when I run it as a page template for a WordPress page the raw $_POST data is escaped, i.e. using print_r($_POST) so before there has been any processing done.
I have also tried this with multiple themes and the same result.
Anyone know where / how to shut this off? Is there a filter I can suppress for this form?
Cheers.
Share Improve this question asked Nov 27, 2011 at 22:08 patnzpatnz 1,4591 gold badge15 silver badges21 bronze badges2 Answers
Reset to default 5No, but you can just run stripslashes on it.
Worth having a read of the trac bug here: https://core.trac.wordpress/ticket/18322
In short, you can use stripslashes as onetrickpony already mentioned, or wp_unslash, to remove the slashes from your $_POST vars.
本文标签: securityStop wordpress automatically escaping POST data
版权声明:本文标题:security - Stop wordpress automatically escaping $_POST data 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744769236a2624233.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论