We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v4.3.0
I expected the captured request data to not be slashed because the whole idea of wp_magic_quotes is crazy.
https://core.trac.wordpress.org/ticket/18322
The captured request data is slashed.
AFAICT this seems like the most appropriate fix:
// Undo wp_magic_quotes() $_GET = stripslashes_deep($_GET); $_POST = stripslashes_deep($_POST); $_COOKIE = stripslashes_deep($_COOKIE); $_SERVER = stripslashes_deep($_SERVER); $_REQUEST = array_merge($_GET, $_POST); // Capture request $request = Request::capture(); // Redo wp_magic_quotes() wp_magic_quotes();
Here's a custom bootstrap workaround that seems OK after minimal testing:
<?php declare(strict_types=1); namespace App\Bootstrap; use Illuminate\Contracts\Foundation\Application; use Illuminate\Http\Request; class UndoWpMagicQuotes { public function bootstrap(Application $app): void { /** @var Request $request */ $request = $app->make('request'); $request->query->replace(stripslashes_deep($_GET)); $request->request->replace(stripslashes_deep($_POST)); $request->cookies->replace(stripslashes_deep($_COOKIE)); $request->server->replace(stripslashes_deep($_SERVER)); } }
/?foo=\
app('request')->get('foo')
\\
php:8.1-fpm docker image under Pop!_OS 22.04 LTS.
php:8.1-fpm
Pop!_OS 22.04 LTS
No response
Yes
The text was updated successfully, but these errors were encountered:
That workaround breaks request when it's derived from the request body.
request
Here's a fixed version:
<?php declare(strict_types=1); namespace App\Bootstrap; use Illuminate\Contracts\Foundation\Application; use Illuminate\Http\Request; use function array_merge; /** * Workaround for wp_magic_quotes() being applied to the captured request. * * @see https://github.com/roots/acorn/issues/408 */ class UndoWpMagicQuotes { public function bootstrap(Application $app): void { // Undo wp_magic_quotes() $_GET = stripslashes_deep($_GET); $_POST = stripslashes_deep($_POST); $_COOKIE = stripslashes_deep($_COOKIE); $_SERVER = stripslashes_deep($_SERVER); $_REQUEST = array_merge($_GET, $_POST); // Capture request $tempRequest = Request::capture(); // Replace bound data /** @var Request $request */ $request = $app->make('request'); $request->query->replace($tempRequest->query->all()); $request->request->replace($tempRequest->request->all()); $request->cookies->replace($tempRequest->cookies->all()); $request->server->replace($tempRequest->server->all()); // Redo wp_magic_quotes() wp_magic_quotes(); } }
Sorry, something went wrong.
No branches or pull requests
Version
v4.3.0
What did you expect to happen?
I expected the captured request data to not be slashed because the whole idea of wp_magic_quotes is crazy.
https://core.trac.wordpress.org/ticket/18322
What actually happens?
The captured request data is slashed.
AFAICT this seems like the most appropriate fix:
Here's a custom bootstrap workaround that seems OK after minimal testing:
Steps to reproduce
/?foo=\
app('request')->get('foo')
\\
System info
php:8.1-fpm
docker image underPop!_OS 22.04 LTS
.Log output
No response
Please confirm this isn't a support request.
Yes
The text was updated successfully, but these errors were encountered: