On servers running PHP <= 5.4 which have `magic_quotes_sybase` enabled, the superglobals need to be magic-quoted before `magic_quotes_sybase` is subsequently disabled to avoid incorrect un-slashing. This must surely effect a miniscule number of servers, but so be it.
Fixes #19455 Props summerblue, kurtpayne, lucatume git-svn-id: https://develop.svn.wordpress.org/trunk@35639 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
0792eaf237
commit
b32cf6875f
|
@ -603,6 +603,9 @@ function wp_magic_quotes() {
|
||||||
$_COOKIE = stripslashes_deep( $_COOKIE );
|
$_COOKIE = stripslashes_deep( $_COOKIE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Turn off sybase quoting after stripslashes has run
|
||||||
|
@ini_set( 'magic_quotes_sybase', 0 );
|
||||||
|
|
||||||
// Escape with wpdb.
|
// Escape with wpdb.
|
||||||
$_GET = add_magic_quotes( $_GET );
|
$_GET = add_magic_quotes( $_GET );
|
||||||
$_POST = add_magic_quotes( $_POST );
|
$_POST = add_magic_quotes( $_POST );
|
||||||
|
|
|
@ -46,7 +46,6 @@ wp_check_php_mysql_versions();
|
||||||
|
|
||||||
// Disable magic quotes at runtime. Magic quotes are added using wpdb later in wp-settings.php.
|
// Disable magic quotes at runtime. Magic quotes are added using wpdb later in wp-settings.php.
|
||||||
@ini_set( 'magic_quotes_runtime', 0 );
|
@ini_set( 'magic_quotes_runtime', 0 );
|
||||||
@ini_set( 'magic_quotes_sybase', 0 );
|
|
||||||
|
|
||||||
// WordPress calculates offsets from UTC.
|
// WordPress calculates offsets from UTC.
|
||||||
date_default_timezone_set( 'UTC' );
|
date_default_timezone_set( 'UTC' );
|
||||||
|
|
|
@ -0,0 +1,91 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group load
|
||||||
|
*/
|
||||||
|
class Tests_Load extends WP_UnitTestCase {
|
||||||
|
|
||||||
|
public function setUp() {
|
||||||
|
parent::setUp();
|
||||||
|
ini_set( 'magic_quotes_sybase', 1 );
|
||||||
|
}
|
||||||
|
|
||||||
|
public function tearDown() {
|
||||||
|
unset( $_GET['ticket_19455'] );
|
||||||
|
unset( $_POST['ticket_19455'] );
|
||||||
|
unset( $_COOKIE['ticket_19455'] );
|
||||||
|
unset( $_SERVER['ticket_19455'] );
|
||||||
|
ini_set( 'magic_quotes_sybase', 0 );
|
||||||
|
parent::tearDown();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function data_strings_and_expected_strings() {
|
||||||
|
return array(
|
||||||
|
array( 'A string with no quotes', 'A string with no quotes' ),
|
||||||
|
array( "Charlie's Little Cat", "Charlie\\'s Little Cat" ),
|
||||||
|
array( "A string with many quotes''''''", "A string with many quotes\\'\\'\\'\\'\\'\\'" ),
|
||||||
|
array(
|
||||||
|
"A string with quotes ' in '' different ''' places''''",
|
||||||
|
"A string with quotes \\' in \\'\\' different \\'\\'\\' places\\'\\'\\'\\'"
|
||||||
|
),
|
||||||
|
array( "A string with 'quoted' words", "A string with \\'quoted\\' words" ),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* String in $_GET array is modified as expected
|
||||||
|
*
|
||||||
|
* @dataProvider data_strings_and_expected_strings
|
||||||
|
* @ticket 19455
|
||||||
|
*/
|
||||||
|
public function test_string_in_GET_array_is_modified_as_expected( $original, $expected ) {
|
||||||
|
$_GET['ticket_19455'] = $original;
|
||||||
|
|
||||||
|
wp_magic_quotes();
|
||||||
|
|
||||||
|
$this->assertEquals( $expected, $_GET['ticket_19455'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* String in $_POST array is modified as expected
|
||||||
|
*
|
||||||
|
* @dataProvider data_strings_and_expected_strings
|
||||||
|
* @ticket 19455
|
||||||
|
*/
|
||||||
|
public function test_string_in_POST_array_is_modified_as_expected( $original, $expected ) {
|
||||||
|
$_POST['ticket_19455'] = $original;
|
||||||
|
|
||||||
|
wp_magic_quotes();
|
||||||
|
|
||||||
|
$this->assertEquals( $expected, $_POST['ticket_19455'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* String in $_COOKIE array is modified as expected
|
||||||
|
*
|
||||||
|
* @dataProvider data_strings_and_expected_strings
|
||||||
|
* @ticket 19455
|
||||||
|
*/
|
||||||
|
public function test_string_in_COOKIE_array_is_modified_as_expected( $original, $expected ) {
|
||||||
|
$_COOKIE['ticket_19455'] = $original;
|
||||||
|
|
||||||
|
wp_magic_quotes();
|
||||||
|
|
||||||
|
$this->assertEquals( $expected, $_COOKIE['ticket_19455'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* String in $_SERVER array is modified as expected
|
||||||
|
*
|
||||||
|
* @dataProvider data_strings_and_expected_strings
|
||||||
|
* @ticket 19455
|
||||||
|
*/
|
||||||
|
public function test_string_in_SERVER_array_is_modified_as_expected( $original, $expected ) {
|
||||||
|
$_SERVER['ticket_19455'] = $original;
|
||||||
|
|
||||||
|
wp_magic_quotes();
|
||||||
|
|
||||||
|
$this->assertEquals( $expected, $_SERVER['ticket_19455'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue