[Mediawiki-l] attack of the backslashes (IE and forms?)

Jim Hu jimhu at tamu.edu
Wed Aug 22 00:44:46 UTC 2007


I'm having problems with my TableEdit extension where saving  
something from IE sometimes leads to extra backslashes showing up in  
the saved data.

I use mysql_real_escape_string before saving to the database.  I use  
stripslashes when I get it back out.

What's weird is:
a)  that it will work fine, and then I get a runaway cycle of ' going  
to \\' to \\\' to \\\\' etc. It seems like once it gets out of hand,  
stripslashes can't handle it anymore.  But it's not happening most of  
the time users edit and save.
b) The start of a backslash attack seems to be correlated with the  
Table being edited with Internet Explorer.

I think part of the problem was that I needed to replace \r\n with \n  
after using $wgRequest->getArray('field').  Any thoughts on:
- what's going on and
- what else I should be doing to take advantage of what the MW devs  
have presumably already done to solve these kinds of problems?

Thanks!

Jim
=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054
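
An added example, not code from the post or from MediaWiki: a PHP model of the escaping layers involved when a value is escaped before saving and passed through stripslashes() when read back. addslashes() stands in for mysql_real_escape_string(), db_store() is a hypothetical model of the server, and the number of escaping layers per save is a demo parameter, since the post does not say which layers were active.

```php
<?php
// Stand-in for mysql_real_escape_string(): addslashes() escapes \ ' " the same
// way for these samples and needs no database connection (assumption).
function sql_escape(string $value, int $layers = 1): string {
    for ($i = 0; $i < $layers; $i++) {
        $value = addslashes($value);
    }
    return $value;
}

// Model of the server: parsing the quoted literal removes exactly one layer,
// so the column holds the text that was handed to the final escape call.
function db_store(string $literal): string {
    return stripslashes($literal);
}

// One edit-and-save cycle: $layers escapes on save, optional stripslashes() on read.
function save_and_reload(string $submitted, int $layers, bool $stripOnRead): string {
    $stored = db_store(sql_escape($submitted, $layers));
    return $stripOnRead ? stripslashes($stored) : $stored;
}

// Repeat the cycle, feeding each reloaded value back in as the next submission.
function cycles(string $value, int $layers, bool $stripOnRead, int $n): array {
    $seen = [];
    for ($i = 0; $i < $n; $i++) {
        $value = save_and_reload($value, $layers, $stripOnRead);
        $seen[] = $value;
    }
    return $seen;
}

// Constructed sample values, not data from the post.
$cases = [
    'one escape, no strip on read' => cycles("it's C:\\temp", 1, false, 3),
    'one escape, strip on read'    => cycles("it's C:\\temp", 1, true, 3),
    'two escapes, strip on read'   => cycles("it's", 2, true, 3),
    'three escapes, strip on read' => cycles("it's", 3, true, 3),
];
foreach ($cases as $label => $values) {
    echo $label, ': ', implode('  ->  ', $values), PHP_EOL;
}
```

In this model one escape with no strip on read is stable, while stripslashes() on read drops the genuine backslash in C:\temp and hides one redundant escape. A third layer leaves a backslash in the reloaded value that compounds on each later save (1, then 3, then 7 backslashes before the quote).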



