From cc603741d77ea8c1e95397d412b80c8041df7154 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 8 Jan 2014 06:34:15 +0100
Subject: [PATCH] strip slashes from all _GET, _POST, _COOKIE, _REQUEST if
 magic quotes is on

---
 inc/inc.Settings.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/inc/inc.Settings.php b/inc/inc.Settings.php
index 49935cc34..fe0f5872e 100644
--- a/inc/inc.Settings.php
+++ b/inc/inc.Settings.php
@@ -76,4 +76,19 @@ if(isset($settings->_extraPath))
 if(isset($settings->_maxExecutionTime))
 	ini_set('max_execution_time', $settings->_maxExecutionTime);
 
+if (get_magic_quotes_gpc()) {
+	$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
+	while (list($key, $val) = each($process)) {
+		foreach ($val as $k => $v) {
+			unset($process[$key][$k]);
+			if (is_array($v)) {
+				$process[$key][stripslashes($k)] = $v;
+				$process[] = &$process[$key][stripslashes($k)];
+			} else {
+				$process[$key][stripslashes($k)] = stripslashes($v);
+			}
+		}
+	}
+	unset($process);
+}
 ?>