Up until about a week ago, WordPress websites on our host showed no issues.
However, since this morning we noticed an issue whereby admin pages failed to load in WordPress. On other sites on the same server one page of one site was being displayed with all single and double quotes preceded with a backslash like this, \” and \’. We checked and found more sites using file_get_contents are suffering from the same issue.
We asked our host, who said it was a mod_security issue, but turning it off for the relevant pages has no effect. Adding stripslashes() directly to the output of the most critical pages and functions on non-WordPress sites got those rendering acceptably again.
However, rather than hacking around in WordPress, is there any setting that we should be asking the host to set (or that we can set since we have SSH access to the server) that can address this issue?
Does anyone know what kind of setting might cause this function to add slashes to content?
I tried disabling slashes via php.ini but it doesn’t change the behaviour on those sites.
Any thoughts for where to start are welcome.
Thanks
Whoever told you it was mod_security is wrong. It’s a PHP setting, magic_quotes_gpc, which controls whether slashes are added to input. It’s been deprecated for some years now, and should always be off. If it’s on then you might be able to override it and turn it off again with a .htaccess file, but if that’s not an option you’ll have to ask your host to check the magic_quotes_gpc setting.
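
A diagnostic page for the situation in this thread, added here as an example and not written by either poster. It reports which php.ini the web server actually loaded, the state of magic_quotes_gpc and its sibling directives magic_quotes_runtime and magic_quotes_sybase, and whether a file_get_contents() read comes back altered; the function names and the sample string are made up for this example.

```php
<?php
// Added diagnostic (not from the thread). Request it through the web server,
// not only the CLI: the two SAPIs often load different php.ini files.

// Legacy directives that make PHP insert backslashes (removed in PHP 5.4).
$directives = array(
    'magic_quotes_gpc'     => 'escapes $_GET, $_POST and $_COOKIE values',
    'magic_quotes_runtime' => 'escapes data read from files and databases',
    'magic_quotes_sybase'  => 'changes the escape style used by the two above',
);

function directive_state($name)
{
    $value = ini_get($name);          // false when the directive does not exist
    if ($value === false) {
        return 'not present in this PHP build';
    }
    $on = in_array(strtolower(trim($value)), array('1', 'on', 'true', 'yes'), true);
    return $on ? 'ON' : 'off';
}

function runtime_read_is_clean()
{
    // Constructed sample: write quotes to a temp file and read them back.
    $sample = "It's a \"quoted\" string";
    $tmp = tempnam(sys_get_temp_dir(), 'mq_');
    file_put_contents($tmp, $sample);
    $read = file_get_contents($tmp);
    unlink($tmp);
    return $read === $sample;         // false means reads are being escaped
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
$ini = php_ini_loaded_file();
echo 'PHP ', PHP_VERSION, ' (', PHP_SAPI, ")\n";
echo 'Loaded php.ini: ', ($ini === false ? '(none)' : $ini), "\n";
$extra = php_ini_scanned_files();
echo 'Extra ini files: ', ($extra ? preg_replace('/\s+/', ' ', trim($extra)) : '(none)'), "\n";
foreach ($directives as $name => $effect) {
    echo str_pad($name, 22), directive_state($name), '  (', $effect, ")\n";
}
echo 'file_get_contents() round trip: ',
    (runtime_read_is_clean() ? 'unchanged' : 'backslashes added'), "\n";
```

Remove the file from the web root once you have the output, since it discloses the PHP version and configuration paths.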