Wordpress comes with DO NOT WANT built-in



  • They've asked me to have a look at a Wordpress site to extend a feature.

    So I'm browsing the files in the webroot to get a feel for this. Enter wp-settings.php. I'm skidding past /* @internal This file must be parsable by PHP4. */ checking the date, yup, PHP4 end of life was 2008.

    Then I stop. There are some trigger words.

    // Add magic quotes and set up $_REQUEST ( $_GET + $_POST )
    wp_magic_quotes();
    

    Now when my atheist friends told me Wordpress was the works of the devil, I thought surely! they must be employing some rhetoric device. Not so!

    Wordpress enforces magic quotes!

    I don't feel like working anymore today :thermometer_face:



  • @gleemonk said in Wordpress comes with DO NOT WANT built-in:

    // Add magic quotes and set up $_REQUEST ( $_GET + $_POST )
    

    Yeah, that line doesn't make sense either. $_REQUEST is not just $_GET and $_POST. See, it's this kind of shit (WordPress) that makes people think that PHP is a terrible language (ok, it can be written in a terrible way, but it can be done so nicely too)



  • @ASheridan I sure hope they do all three for consistency!

    What really bums me out here is that I have to work with a framework that propagates mistakes of the past, because "it's too late to correct it now". A framework that welcomes ignorance is not a happy place. And that's the impression I got last time I had to fix something in a Wordpress install.



  • @gleemonk said in Wordpress comes with DO NOT WANT built-in:

    A framework that welcomes ignorance is not a happy place. And that's the impression I got last time I had to fix something in a Wordpress install.

    Isn't that the whole purpose of Wordpress, to welcome the ignorant into the world of "web development?"


  • Winner of the 2016 Presidential Election

    @ASheridan said in Wordpress comes with DO NOT WANT built-in:

    @gleemonk said in Wordpress comes with DO NOT WANT built-in:

    // Add magic quotes and set up $_REQUEST ( $_GET + $_POST )
    

    Yeah, that line doesn't make sense either. $_REQUEST is not just $_GET and $_POST. See, it's this kind of shit (WordPress) that makes people think that PHP is a terrible language (ok, it can be written in a terrible way, but it can be done so nicely too)

    I'll just leave this here...



  • @HardwareGeek and it does a good job at it :-/

    So the moral argument for Wordpress becomes "else some other framework would do the same or worse". It's hard to imagine they could do it worse but I'm constantly surprised with reality deviating from the clear path of how things are going to get better.



  • Wordpress needs to be entirely rewritten. I don't even care if you don't use an MVC framework, just trash the whole thing and start again.



  • // A hack to cope with un-configurable call to wp_magic_quotes
    // E.G. Make the original $_POST available through a global $_REAL_POST
    $_REAL_GET     = $_GET;
    $_REAL_POST    = $_POST;
    $_REAL_COOKIE  = $_COOKIE;
    $_REAL_REQUEST = $_REQUEST;
    

    Oh PHP. Don't ever change.



  • // A hack to cope with un-configurable call to wp_magic_quotes
    // E.G. Make the original $_POST available through a global $_REAL_POST
    $_REAL_GET     = $_GET;
    $_REAL_POST    = $_POST;
    $_REAL_COOKIE  = $_COOKIE;
    $_REAL_REQUEST = $_REQUEST;
    

    Oh dear god, someone get some bleach for my eyes!



  • @cartman82 what a horrible find. Yet it is the best answer to that question by SO standards.

    Ten years ago I inherited code that used stripslashes() repeatedly, in different places, on strings returned from the DB. They'd lost track of which strings were clean and which ones were magic. Now these nightmares are perpetuated by Wordpress :anguished:



  • Ew, Magic Quotes.

    It's so evil that the PHP online manual used to have a function in it to specifically remove magic quotes if you were using a shared hosting provider and couldn't turn it off yourself.


  • Winner of the 2016 Presidential Election

    And people still lecture me on how fucking good WordPress is.

    It's easy enough to use for mere mortals but holy fuck at the innards.

    I suspect the "must be parseable with PHP 4" is simply testament to the age of things, WP at this point is over a decade old and might even go back to those heady early-mid-2000s when PHP 5 was so new no one ran it.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.