From 45658705f312fa5cc07ff835e880c8be24611dc9 Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Sun, 15 Nov 2015 23:00:28 +0000 Subject: [PATCH] On servers running PHP <= 5.4 which have `magic_quotes_sybase` enabled, the superglobals need to be magic-quoted before `magic_quotes_sybase` is subsequently disabled to avoid incorrect un-slashing. This must surely effect a miniscule number of servers, but so be it. Fixes #19455 Props summerblue, kurtpayne, lucatume Built from https://develop.svn.wordpress.org/trunk@35639 git-svn-id: http://core.svn.wordpress.org/trunk@35603 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/load.php | 3 +++ wp-includes/version.php | 2 +- wp-settings.php | 1 - 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/wp-includes/load.php b/wp-includes/load.php index 1275acad37..70b748691f 100644 --- a/wp-includes/load.php +++ b/wp-includes/load.php @@ -603,6 +603,9 @@ function wp_magic_quotes() { $_COOKIE = stripslashes_deep( $_COOKIE ); } + // Turn off sybase quoting after stripslashes has run + @ini_set( 'magic_quotes_sybase', 0 ); + // Escape with wpdb. $_GET = add_magic_quotes( $_GET ); $_POST = add_magic_quotes( $_POST ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 15535438ef..38d7bfdd44 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-beta4-35638'; +$wp_version = '4.4-beta4-35639'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-settings.php b/wp-settings.php index 1c5da84923..bb2043e43a 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -46,7 +46,6 @@ wp_check_php_mysql_versions(); // Disable magic quotes at runtime. Magic quotes are added using wpdb later in wp-settings.php. @ini_set( 'magic_quotes_runtime', 0 ); -@ini_set( 'magic_quotes_sybase', 0 ); // WordPress calculates offsets from UTC. date_default_timezone_set( 'UTC' );