Skip to:

WP Integration – Slashes the root of all evil

  • So I’ve been digging further into the strange behavior I’ve had with slashes in posts AND with HTML tag attributes being yanked out.

    It’s all related. Apparently, there is some type of problem where slashes get added TWICE when the WP intergation is on. This is why slashes start showing up everywhere and why kses fails.

    I finally discovered that even though the stripslashes filter is called before bb_filter_kses, there are still slashes in front of the quotes of the attributes. So they get tossed.

    So I took out all the stripslashes hacks I had put into the title and post routines and called stripslashes TWICE as a pre_post filter. Voila – attributes are preserved.

    add_filter('pre_post', 'stripslashes', 40);

    add_filter('pre_post', 'stripslashes', 45); // 2nd Time

    I also added this little section in default-filters.php:

    // Slash problems when integrated with WordPress

    if (defined('WP_BB') && WP_BB) {

    add_filter('post_text', 'stripslashes');

    add_filter('get_topic_title', 'stripslashes');

    add_filter('get_bb_title', 'stripslashes');

    add_filter('edit_text', 'stripslashes');


    And it stripped out the slashes in titles, browser bars, posts, edit screens, etc. (Note there is a missing semi-colon after the sort_tag_heat_map line – you need to add on if you put this at the end)

    This is still a hack. I don’t have magic quotes on. I still need to dig and find out why there seems to be alternate behavior when wordpress is integrated or not. Maybe WordPress is turning on magic quotes and bbPress doesn’t expect it to be on?

    Still digging.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Weird. I have magic quotes off. However, I notice that wp-settings adds slashes to EVERY request in wp-settings:

    // If already slashed, strip.

    if ( get_magic_quotes_gpc() ) {

    $_GET = stripslashes_deep($_GET );

    $_POST = stripslashes_deep($_POST );

    $_COOKIE = stripslashes_deep($_COOKIE);


    // Escape with wpdb.

    $_GET = add_magic_quotes($_GET );

    $_POST = add_magic_quotes($_POST );

    $_COOKIE = add_magic_quotes($_COOKIE);

    $_SERVER = add_magic_quotes($_SERVER);

    Is bbpress not expecting this? This might explain the double slashing even if magic quotes is off (I checked my php.ini – it is off)

    Would the solution be to execute a stripslashes_deep on GET, POST, etc if WP_BB is true? Seems kinda dangerous – but bbpress doesn’t expect this in a non-integrated environment, so undoing what wp-settings.php does (which gets run when you include wp-config to get the WordPress API) seems harmless enough.

    Maybe something along the lines of:

    function bb_undo_wp_slashes() {

    $_GET = stripslashes_deep($_GET );

    $_POST = stripslashes_deep($_POST );

    $_COOKIE = stripslashes_deep($_COOKIE);

    $_SERVER = stripslashes_deep($_SERVER);


    and call that as a filter for bb_head?

    if (defined('WP_BB') && WP_BB) add_action('bb_head', 'bb_undo_wp_slashes');

    I think bb_head is called after the environment is setup.

    I may give this a try. Thoughts from developers who know more about bbPress than I?

    I brain locked. bb_head is probably too late for this. Is there an equivalent of the ‘init’ hook for bbPress? In WordPress, that filter hook gets run after the environment initializes. That’s when the code I included would need to be run. I can’t seem to find an applicable filter hook called that early.



    In bbpress it is called ‘bb_init’ … do you mean this?

    Yes. I figured that’s what it was called – I just couldn’t find it referenced in the source anywhere. I must have grepped badly. Will try that out.



    3 years ago? I’m getting backslashes in posts…is there a recent solution…i’ll keep digging…





    Same here and here is no apparent answer to be found …

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.
Skip to toolbar