in some CakePHP apps you can find preg_replace(‘/[\’]/’, ”, addslashes(strip_tags($thisHere))) like in http://noserub.googlecode.com/svn/branches/development/app/app_controller.php where

Question

0

Asked: May 27, 20262026-05-27T01:24:48+00:00 2026-05-27T01:24:48+00:00

in some CakePHP apps you can find preg_replace(‘/[\’]/’, ”, addslashes(strip_tags($thisHere))) like in http://noserub.googlecode.com/svn/branches/development/app/app_controller.php where

0

in some CakePHP apps you can find

preg_replace('/["\']/', '”', addslashes(strip_tags($thisHere)))

like in http://noserub.googlecode.com/svn/branches/development/app/app_controller.php
where $this->Controller->here is “additionally secured” in some way

a) what exactly is/was the problem with it? could it hurt the application? I cannot imagine that ” or ‘ could harm it in any way.

b) is it still useful? or are all “possible dangers” already fixed in the more current cake versions?
if so: are there any use case scenarios where one could actually test the possible issues?

NOTE: in 2.0 it has moved to “$this->request->here” – but still contains the current absolute url (/controller/action/..).

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T01:24:49+00:00

Editorial Team

2026-05-27T01:24:49+00:00Added an answer on May 27, 2026 at 1:24 am

it seems that the method is totally unnecessary as the form helper should escape automatically.
and for all other use cases you should just escape the url.

citing
http://groups.google.com/group/cake-php/browse_thread/thread/39e1024efe918e66/efb8ee0bea7bcd1

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

in some CakePHP apps you can find preg_replace(‘/[\’]/’, ”, addslashes(strip_tags($thisHere))) like in http://noserub.googlecode.com/svn/branches/development/app/app_controller.php where

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply