Created attachment 5291
A bit of late-night tinkering

In this patch, I've done two major things.

1. $_GET and $_POST are assigned to $data _before_ being de-quoted ($this->data is run through fix_magic_quotes(), as opposed to the raw $_GET and $_POST globals).
2. I've done the same for $_COOKIE and have given them the member variable $cookies in which to reside and be accessed via getCookies(). All direct calls to $_COOKIE in core have been updated.

While this doesn't address the major @fixme of the memory footprint incurred due to always dequoting on every request, it is a step in the right direction. Moving $_SERVER, $_ENV and $_REQUEST to member variables (and removing direct calls) would be another good step.

attachment WebRequest.patch ignored as obsolete

Just for a help note. I do have my own WebRequest class I use in another app of mine.
http://svn.nadir-point.com/viewvc/electronicme/trunk/electronicme/includes/model/WebRequest.php?view=markup
It handles quoting of the data lazily, feel free to use it as a base for trying to get MediaWiki's WebRequest to work without the memory footprint.
Note that eventually I'm going to move it into a library. So if that url disappears it'll be located at:
http://svn.nadir-point.com/viewvc/php-projects/trunk/WebModel/

Went ahead and applied in r40530. Still needs some more work, but a good step in the right direction nonetheless.

Created attachment 5563
Another hack at it

Spent part of the afternoon retooling WebRequest entirely. Values are now lazy-loaded and de-quoted on demand, rather than all at construction. Before this patch can be applied, however, ANY and ALL calls to any superglobals need to be updated to use their appropriate accessor method (getFileValue, getCookieValue, etc etc).

Kept all of the nice wrappers we use, should be backwards-compat.

Attached:

I looked at this again, and really I don't see any reason to change anything here. Things have changed a lot in 5 years ;-)

• Magic quotes is already deprecated in 5.3 (we require 5.3.2), so many people are unlikely to have it enabled
• Magic quotes is removed entirely in 5.4, so when we start requiring that we can just remove all the magic quotes cruft.
• Since we won't be iterating over it, copying the request info to $data on instantiation rather than lazy-loading seems fine (the extra logic won't save us *that* much memory on a typical request).
• The original problem of "can't instantiate multiple WebRequest objects" isn't really true unless you have magic quotes on.

So, repurposing this bug as a reminder and marking LATER for sometime after 5.4.

[Removing RESOLVED LATER as discussed in http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html . Reopening and setting priority to "Lowest". For future reference, please use either RESOLVED WONTFIX (for issues that will not be fixed), or simply set lowest priority. Thanks a lot!]

(In reply to comment #6)

please use
either RESOLVED WONTFIX (for issues that will not be fixed), or simply set
lowest priority. Thanks a lot!]

The discussion reads as WONTFIX.

It's not wontfix.

Change 144996 had a related patch set uploaded by Chad:
Remove support for magic_quotes_gpc

https://gerrit.wikimedia.org/r/144996

Change 144996 merged by jenkins-bot:
Remove support for magic_quotes_gpc

https://gerrit.wikimedia.org/r/144996