The captured request data is slashed because of the insanity that is wp_magic_quotes() #408
Description
Version
v4.3.0
What did you expect to happen?
I expected the captured request data to not be slashed because the whole idea of wp_magic_quotes is crazy.
https://core.trac.wordpress.org/ticket/18322
What actually happens?
The captured request data is slashed.
AFAICT this seems like the most appropriate fix:
// Undo wp_magic_quotes()
$_GET = stripslashes_deep($_GET);
$_POST = stripslashes_deep($_POST);
$_COOKIE = stripslashes_deep($_COOKIE);
$_SERVER = stripslashes_deep($_SERVER);
$_REQUEST = array_merge($_GET, $_POST);
// Capture request
$request = Request::capture();
// Redo wp_magic_quotes()
wp_magic_quotes();Here's a custom bootstrap workaround that seems OK after minimal testing:
<?php
declare(strict_types=1);
namespace App\Bootstrap;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\Request;
class UndoWpMagicQuotes
{
public function bootstrap(Application $app): void
{
/** @var Request $request */
$request = $app->make('request');
$request->query->replace(stripslashes_deep($_GET));
$request->request->replace(stripslashes_deep($_POST));
$request->cookies->replace(stripslashes_deep($_COOKIE));
$request->server->replace(stripslashes_deep($_SERVER));
}
}Steps to reproduce
- Make a request to
/?foo=\ - Call
app('request')->get('foo') - Watch the returned value be
\\
System info
php:8.1-fpm docker image under Pop!_OS 22.04 LTS.
Log output
No response
Please confirm this isn't a support request.
Yes