magic_quotes_gpc
设置为
off时,Magento 会转义撇号。当我将
magic_quotes_gpcon我不能让 Magento 转义我的撇号,但我也不希望将
magic_quotes_gpcon请注意 - Magento 并不总是这样,今天才开始。
编辑:将以下代码添加到我的 CMS 页面之一的布局更新 XML 后,该行为开始:
<!--<reference name="content">
<block type="catalog/product_new" name="home.catalog.product.new" alias="product_new" template="catalog/product/new.phtml" after="cms_page"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
<block type="reports/product_viewed" name="home.reports.product.viewed" alias="product_viewed" template="reports/home_product_viewed.phtml" after="product_new"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
<block type="reports/product_compared" name="home.reports.product.compared" template="reports/home_product_compared.phtml" after="product_viewed"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
</reference>
<reference name="right">
<action method="unsetChild"><alias>right.reports.product.viewed</alias></action>
<action method="unsetChild"><alias>right.reports.product.compared</alias></action>
</reference>-->
奇怪的行为开始后,我删除了该代码,但它没有解决问题。
编辑:我找到了问题所在。原来Wordpress有自己的添加斜杠的功能。从 WordPress 3.2.1 版本开始,您可以在 /wp-includes/load.php
的第 530 行附近找到函数
wp_magic_quotes()
为了解决这个问题,我注释掉了函数内的所有内容(不是函数本身,以防止调用未定义的函数)。它消除了转义引号的问题。我还没有进行广泛的测试,但据我了解,这可能会破坏旧的 Wordpress 插件,所以要小心。
事情将从这里开始:
function wp_magic_quotes() {
// If already slashed, strip.
if ( get_magic_quotes_gpc() ) {
$_GET = stripslashes_deep( $_GET );
$_POST = stripslashes_deep( $_POST );
$_COOKIE = stripslashes_deep( $_COOKIE );
}
// Escape with wpdb.
$_GET = add_magic_quotes( $_GET );
$_POST = add_magic_quotes( $_POST );
$_COOKIE = add_magic_quotes( $_COOKIE );
$_SERVER = add_magic_quotes( $_SERVER );
// Force REQUEST to be GET + POST.
$_REQUEST = array_merge( $_GET, $_POST );
}
对此:
function wp_magic_quotes() {
// If already slashed, strip.
/*if ( get_magic_quotes_gpc() ) {
$_GET = stripslashes_deep( $_GET );
$_POST = stripslashes_deep( $_POST );
$_COOKIE = stripslashes_deep( $_COOKIE );
}
// Escape with wpdb.
$_GET = add_magic_quotes( $_GET );
$_POST = add_magic_quotes( $_POST );
$_COOKIE = add_magic_quotes( $_COOKIE );
$_SERVER = add_magic_quotes( $_SERVER );
// Force REQUEST to be GET + POST.
$_REQUEST = array_merge( $_GET, $_POST );*/
}
在 app/code/core/Mage/Core/functions.php 的顶部有这样的:
if (get_magic_quotes_gpc()) {
function mageUndoMagicQuotes($array, $topLevel=true) {
$newArray = array();
foreach($array as $key => $value) {
if (!$topLevel) {
$newKey = stripslashes($key);
if ($newKey!==$key) {
unset($array[$key]);
}
$key = $newKey;
}
$newArray[$key] = is_array($value) ? mageUndoMagicQuotes($value, false) : stripslashes($value);
}
return $newArray;
}
$_GET = mageUndoMagicQuotes($_GET);
$_POST = mageUndoMagicQuotes($_POST);
$_COOKIE = mageUndoMagicQuotes($_COOKIE);
$_REQUEST = mageUndoMagicQuotes($_REQUEST);
}
只需将此文件复制到本地(app/code/local/Mage/Core/functions.php)并注释掉 if 语句,以便它始终运行。
// if (get_magic_quotes_gpc()) {
function mageUndoMagicQuotes($array, $topLevel=true) {
$newArray = array();
foreach($array as $key => $value) {
if (!$topLevel) {
$newKey = stripslashes($key);
if ($newKey!==$key) {
unset($array[$key]);
}
$key = $newKey;
}
$newArray[$key] = is_array($value) ? mageUndoMagicQuotes($value, false) : stripslashes($value);
}
return $newArray;
}
$_GET = mageUndoMagicQuotes($_GET);
$_POST = mageUndoMagicQuotes($_POST);
$_COOKIE = mageUndoMagicQuotes($_COOKIE);
$_REQUEST = mageUndoMagicQuotes($_REQUEST);
// }
这是必需的,因为 WordPress 会检查魔术引号是否被禁用,如果是,它无论如何都会运行魔术引号。关于是否应该发生这种情况有很长的讨论,但共识是删除该功能可能会在无法解决该问题的旧插件或主题中打开安全漏洞,因此不要指望 WordPress 会很快删除该功能。