[Mediawiki-l] attack of the backslashes (IE and forms?)
jimhu at tamu.edu
Wed Aug 22 00:44:46 UTC 2007

I'm having problems with my TableEdit extension where saving
something from IE sometimes leads to extra backslashes showing up in
the saved data.

I use mysql_real_escape_string before saving to the database. I use
stripslashes when I get it back out.

What's weird is:

a) that it will work fine, and then I get a runaway cycle of ' going
to \\' to \\\' to \\\\' etc. It seems like once it gets out of hand,
stripslashes can't handle it anymore. But it's not happening most of
the time users edit and save.

b) The start of a backslash attack seems to be correlated with the
Table being edited with Internet Explorer.

I think part of the problem was that I needed to replace \r\n with \n
after using $wgRequest->getArray('field'). Any thoughts on:

- what's going on and
- what else I should be doing to take advantage of what the MW devs
have presumably already done to solve these kinds of problems?

Dept. of Biochemistry and Biophysics
Texas A&M Univ.
College Station, TX 77843-2128
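
The escape-on-save, stripslashes-on-load cycle described in the post, modelled as an added example (not code from TableEdit or MediaWiki, and not a diagnosis of that extension). It shows that SQL escaping is consumed by the database when the literal is parsed, so `stripslashes` on load is not its inverse, and that an assumed second escaping layer adds one layer of backslashes per save. `sql_escape`, `db_parse_literal` and `edit_cycle` are hypothetical names; the first two are simplified models of `mysql_real_escape_string` and of MySQL's literal parsing.

```php
<?php
// Added example; function names are hypothetical, sample value is constructed.

// Model of the escaping mysql_real_escape_string() applies (no connection needed).
function sql_escape(string $v): string {
    return strtr($v, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\n" => "\\n", "\r" => "\\r", "\0" => "\\0", "\x1a" => "\\Z",
    ]);
}

// Simplified model of MySQL reading a quoted literal: one escape layer is consumed.
function db_parse_literal(string $lit): string {
    $map = ['n' => "\n", 'r' => "\r", '0' => "\0", 'Z' => "\x1a"];
    return preg_replace_callback('/\\\\(.)/s', function ($m) use ($map) {
        return $map[$m[1]] ?? $m[1];
    }, $lit);
}

// One save/load cycle: escape $escapes times, store, optionally stripslashes() on load.
function edit_cycle(string $v, int $escapes, bool $strip): string {
    for ($i = 0; $i < $escapes; $i++) {
        $v = sql_escape($v);
    }
    $stored = db_parse_literal($v);
    return $strip ? stripslashes($stored) : $stored;
}

$cases = [
    'escape once, no strip'      => [1, false], // round-trips unchanged
    'escape once, strip on load' => [1, true],  // backslashes in the data are lost
    'escape twice, no strip'     => [2, false], // assumed second layer: grows per save
];

foreach ($cases as $label => [$escapes, $strip]) {
    $v = "it's C:\\temp"; // constructed sample: one quote, one backslash
    echo "$label\n";
    for ($n = 1; $n <= 3; $n++) {
        $v = edit_cycle($v, $escapes, $strip);
        echo "  after save $n: $v\n";
    }
}
```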