“Magento is escaping apostrophes when magic_quotes_gpc is set to off. When I set magic_quotes_gpc to on, Magento stops inserting slashes. It’s completely backwards.

I can’t have Magento escaping my apostrophes, but I also do not want to have magic_quotes_gpc set to on because I am concerned about the implications it might have on other parts of my site (vBulletin forum, WordPress blog, etc.).

Just to note – Magento wasn’t always behaving this way, it only started today.”

That was a scenario I just encountered with two of my clients websites where the required WordPress integrations. I noticed that Magento all of a sudden started escaping quotes and it became very troublesome to edit CMS pages in Magento due to that.

In order to resolve the issue I did this:

It turns out that WordPress has it’s own function to add in slashes. As of WordPress version 3.2.1, you can find function wp_magic_quotes() around line 530 of /wp-includes/load.php

To fix the issue, I commented out everything within the function (not the function itself, so as to prevent a call to an undefined function). It’s removed the issue of escaped quotes. I haven’t done extensive testing, but from what I understand, this may break older WordPress plug-ins, so be careful.

It will go from this:

function wp_magic_quotes() {
    // If already slashed, strip.
    if ( get_magic_quotes_gpc() ) {
        $_GET    = stripslashes_deep( $_GET    );
        $_POST   = stripslashes_deep( $_POST   );
        $_COOKIE = stripslashes_deep( $_COOKIE );
    }

    // Escape with wpdb.
    $_GET    = add_magic_quotes( $_GET    );
    $_POST   = add_magic_quotes( $_POST   );
    $_COOKIE = add_magic_quotes( $_COOKIE );
    $_SERVER = add_magic_quotes( $_SERVER );

    // Force REQUEST to be GET + POST.
    $_REQUEST = array_merge( $_GET, $_POST );
}

to this:

function wp_magic_quotes() {
    // If already slashed, strip.
    //if ( get_magic_quotes_gpc() ) {
    //    $_GET    = stripslashes_deep( $_GET    );
    //    $_POST   = stripslashes_deep( $_POST   );
    //    $_COOKIE = stripslashes_deep( $_COOKIE );
    //}

    // Escape with wpdb.
    //$_GET    = add_magic_quotes( $_GET    );
    //$_POST   = add_magic_quotes( $_POST   );
    //$_COOKIE = add_magic_quotes( $_COOKIE );
    //$_SERVER = add_magic_quotes( $_SERVER );

    // Force REQUEST to be GET + POST.
    // $_REQUEST = array_merge( $_GET, $_POST );
}