The WordPress wpads plugin is escaping everything with slashes Print

  • 3

The wpads plugin for WordPress was built before the PHP magic_quotes directive was deprciated by the PHP project and before WordPress adopted the changes to prevent use of magic_quotes. This means that it properly escapes the strings during insertion to the database (good sanity checks), but that it does not properly strip the slashes upon retrieval from the database and display to the browser. There are two places where we need to add stripslashes() functions to prevent these slashes from getting in the way - the admin panel when viewing the code as well as where it outputs the ads to the front-end of the site.

First look in wpads.php and change the following line:

44  return $theBanner->banner_html;


44  return stripslashes($theBanner->banner_html);

Then look in wpads-options.php and change as follows:

echo htmlentities($banner->banner_html);


echo htmlentities(stripslashes($banner->banner_html));

Was this answer helpful?

← Back