Deprecate FILTER_SANITIZE_MAGIC_QUOTES

Author: nikic

ext/filter/filter.c

@@ -58,7 +58,7 @@ static const filter_list_entry filter_list[] = {
 	{ "url",             FILTER_SANITIZE_URL,           php_filter_url             },
 	{ "number_int",      FILTER_SANITIZE_NUMBER_INT,    php_filter_number_int      },
 	{ "number_float",    FILTER_SANITIZE_NUMBER_FLOAT,  php_filter_number_float    },
-	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_add_slashes     },
+	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_magic_quotes    },
 	{ "add_slashes",     FILTER_SANITIZE_ADD_SLASHES,   php_filter_add_slashes     },
 
 	{ "callback",        FILTER_CALLBACK,               php_filter_callback        },

ext/filter/php_filter.h

@@ -92,6 +92,7 @@ void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_number_int(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL);
 
 void php_filter_callback(PHP_INPUT_FILTER_PARAM_DECL);
 

ext/filter/sanitizing_filters.c

@@ -369,11 +369,20 @@ void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL)
 /* {{{ php_filter_add_slashes */
 void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL)
 {
-	/* This filter is used by both 'add_slashes' & 'magic_quotes' (legacy) */
+	zend_string *buf = php_addslashes(Z_STR_P(value));
 
+	zval_ptr_dtor(value);
+	ZVAL_STR(value, buf);
+}
+/* }}} */
+
+/* {{{ php_filter_magic_quotes */
+void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL)
+{
 	zend_string *buf;
+	php_error_docref(NULL, E_DEPRECATED,
+		"FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead");
 
-	/* just call php_addslashes quotes */
 	buf = php_addslashes(Z_STR_P(value));
 
 	zval_ptr_dtor(value);

ext/filter/tests/020.phpt

@@ -12,9 +12,16 @@ var_dump(filter_var(-1, FILTER_SANITIZE_MAGIC_QUOTES));
 
 echo "Done\n";
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
 string(36) "test\'asd\'asd\'\' asd\\\'\"asdfasdf"
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
 string(2) "\'"
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
 string(0) ""
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
 string(2) "-1"
 Done

ext/filter/tests/033.phpt

@@ -9,7 +9,7 @@ default_charset=UTF-8
 <?php
 include __DIR__ . '/033_run.inc';
 ?>
---EXPECT--
+--EXPECTF--
 int                      1                                               123                                                         
 boolean                  1                                                                                                           
 float                    1                                               123                                                         
@@ -29,6 +29,26 @@ email               PHP  1  [email protected]    httpa.b.c           1.2.3.4   123  12
 url                 PHP  1  [email protected]    http://a.b.c        1.2.3.4   123  123abc<>()          O'Henry                  aa:bb:cc:dd:ee:ff
 number_int               1                                     1234      123  123                                                    
 number_float             1                                     1234      123  123                                                    
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
+
+Deprecated: filter_var(): FILTER_SANITIZE_MAGIC_QUOTES is deprecated, use FILTER_SANITIZE_ADD_SLASHES instead in %s on line %d
 magic_quotes        PHP  1  [email protected]    http://a.b.c        1.2.3.4   123  123abc<>()          O\'Henry       하퍼    aa:bb:cc:dd:ee:ff
 add_slashes         PHP  1  [email protected]    http://a.b.c        1.2.3.4   123  123abc<>()          O\'Henry       하퍼    aa:bb:cc:dd:ee:ff
 callback            PHP  1  [email protected]    HTTP://A.B.C        1.2.3.4   123  123ABC<>()          O'HENRY        하퍼    AA:BB:CC:DD:EE:FF

ext/filter/tests/059.phpt

@@ -5,29 +5,16 @@ filter_var() and FILTER_SANITIZE_ADD_SLASHES
 --FILE--
 <?php
 
-function filter_test_compare($input) {
-    return filter_var($input, FILTER_SANITIZE_ADD_SLASHES) === filter_var($input, FILTER_SANITIZE_MAGIC_QUOTES);
-}
-
 var_dump(filter_var("test'asd'asd'' asd\'\"asdfasdf", FILTER_SANITIZE_ADD_SLASHES));
 var_dump(filter_var("'", FILTER_SANITIZE_ADD_SLASHES));
 var_dump(filter_var("", FILTER_SANITIZE_ADD_SLASHES));
 var_dump(filter_var(-1, FILTER_SANITIZE_ADD_SLASHES));
 
-var_dump(filter_test_compare("test'asd'asd'' asd\'\"asdfasdf"));
-var_dump(filter_test_compare("''"));
-var_dump(filter_test_compare(''));
-var_dump(filter_test_compare(-1));
-
 echo "Done\n";
 ?>
 --EXPECT--
 string(36) "test\'asd\'asd\'\' asd\\\'\"asdfasdf"
 string(2) "\'"
 string(0) ""
 string(2) "-1"
-bool(true)
-bool(true)
-bool(true)
-bool(true)
 Done