jovanzers / dabr

Automatically exported from code.google.com/p/dabr

stripslashes really needed in twitter.php? #274

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The question is pretty clear, if you open twitter.php and read line #875, 
you'll see

$status = twitter_url_shorten(stripslashes(trim($_POST['status'])));

I'm clueless why stripslashes is present there; we're not handling some MySQL 
database where we need to unquote stuff.

The problem with this is, if I use some backslash in the status for example 
this smiley: :-\, the backslash is removed.

I tried it on my installation, removing stripslashes, and tweeted with 
backslashes and a url as well, no bug found till now.

Original issue reported on code.google.com by nilesh.3...@gmail.com on 21 Aug 2011 at 7:23

GoogleCodeExporter commented 9 years ago
what happens if you use a single or double quote?

Original comment by ldoug...@gmail.com on 21 Aug 2011 at 6:48

GoogleCodeExporter commented 9 years ago
Well, nothing much, it just got tweeted properly! Evidence: 
https://twitter.com/#!/nileshgr/status/105452581601550337

Original comment by nilesh.3...@gmail.com on 22 Aug 2011 at 1:34

GoogleCodeExporter commented 9 years ago
single quotes too? because those are the things that usually blow up my 
un-strip-slashed form entries in PHP.

Original comment by ldoug...@gmail.com on 22 Aug 2011 at 9:57

GoogleCodeExporter commented 9 years ago
Nope, no problem there as well.
See this image: http://i.imgur.com/3Pl1O.png
You yourself can ascertain why I posted it as an image and why that tweet has 
been deleted by me.

Original comment by nilesh.3...@gmail.com on 22 Aug 2011 at 1:35

GoogleCodeExporter commented 9 years ago
Interesting. That doesn't happen on my installation. Although tweeting & 
results in just an & coming through.

Wonder if we should use htmlentities or similar?

Original comment by terence.eden on 30 Aug 2011 at 1:28
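The behaviour the thread circles around, as an added example that is not dabr's own code: stripslashes on $_POST was a common compensation for PHP's magic_quotes_gpc, which added backslashes to request data until it was removed in PHP 5.4, and applied unconditionally it also eats real backslashes such as the ":-\" smiley. The function names dabr_raw_post_value, dabr_clean_status and dabr_html are assumptions; HTML escaping is shown at render time to address the "&" point separately from input handling.

```php
<?php
// Added example (not dabr's code): undo magic quotes only when the interpreter
// actually applied them, so legitimate backslashes survive, and escape for HTML
// at output time rather than mangling the input.

/**
 * Return the text the user really typed. get_magic_quotes_gpc() only reports
 * true on PHP < 5.4 with magic_quotes_gpc=On; it no longer exists in PHP 8.
 */
function dabr_raw_post_value(string $value): string
{
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $magicQuotesOn ? stripslashes($value) : $value;
}

/** Normalise a posted status before handing it to the API: undo magic quotes, then trim. */
function dabr_clean_status(string $posted): string
{
    return trim(dabr_raw_post_value($posted));
}

/** Escape once, when rendering, so "&", "<" and quotes display literally in the page. */
function dabr_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs covering the cases raised in the thread.
$samples = [
    ':-\\ looks fine',      // backslash inside a smiley
    "it's \"quoted\"",      // single and double quotes
    'Tom & Jerry <3',       // ampersand and angle bracket
];

foreach ($samples as $posted) {
    $status = dabr_clean_status($posted);
    // An unconditional stripslashes() would turn the first sample into ":- looks fine".
    printf("api:  %s\nhtml: %s\n\n", $status, dabr_html($status));
}
```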

GoogleCodeExporter commented 9 years ago

Original comment by agyl.par...@gmail.com on 19 Sep 2011 at 5:37
