(bug 4381) Magic quotes cleaning is not comprehensive, key strings not unescaped

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 2a26284..872738b 100644 (file)
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -74,6 +74,8 @@ production.
 * (bug 28649) Avoiding half truncated multi-byte unicode characters when 
   truncating log comments.
 * Show --batch-size option in help of maintenance scripts that support it
+* (bug 4381) Magic quotes cleaning is not comprehensive, key strings not
+  unescaped
 
 === API changes in 1.19 ===
 * (bug 19838) siprop=interwikimap can now use the interwiki cache.

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 449de7a..98b5eb6 100644 (file)
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -239,16 +239,21 @@ class WebRequest {
         * used for undoing the evil that is magic_quotes_gpc.
         *
         * @param $arr array: will be modified
+        * @param $recursion bool Used to modify behaviour based on recursion
         * @return array the original array
         */
-       private function &fix_magic_quotes( &$arr ) {
+       private function &fix_magic_quotes( &$arr, $recursion = false ) {
+               $clean = array();
                foreach( $arr as $key => $val ) {
                        if( is_array( $val ) ) {
-                               $this->fix_magic_quotes( $arr[$key] );
+                               $cleanKey = !$recursion ? stripslashes( $key ) : $key;
+                               $clean[$cleanKey] = $this->fix_magic_quotes( $arr[$key], true );
                        } else {
-                               $arr[$key] = stripslashes( $val );
+                               $cleanKey = stripslashes( $key );
+                               $clean[$cleanKey] = stripslashes( $val );
                        }
                }
+               $arr = $clean;
                return $arr;
        }