0

I am having the exact same issue as shown here: Why does _GET in PHP wrongly decodes slash?

An HTML form passes the parameters, so there is no need for urlencode(). If it passes a single backslash ("%5c") on the URL, then "$_GET[name]" will return 2 slashes for every one passed!

I am on PHP 7.4, and I understand that magic slashes have been removed in that, so the solution for the old issue doesn't apply to me. In any case, I tried to turn off "magic_quotes_gpc" in PHP (set_ini) as well as ".htaccess".

Improve this question
2
  • "I am on PHP 5.4" — Danger! That version of PHP has been unsupported for almost 8 years. It hasn't had any security updates in that time. Upgrade to a supported version of PHP. Commented Jun 1, 2023 at 8:23
  • Sorry, I meant PHP 7.4 Commented Jun 1, 2023 at 20:40

1 Answer 1

Reset to default
0

OK, I have worked out the answer, while PHP has removed magic quotes from "$_GET", "$_POST", "$_COOKIE", and "$_SERVER", WordPress decided to fu&k everyone up by adding similar magic quotes without the ability to turn it off!

That means you can't safely use the contents as is but must process it via "wp_unslash()":

Unf = wp_unslash( _GET['parm'] );
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.