WebRequest is currently a little wonky in how it handles some things. It would be nice to do a cleanup, changing a few properties.
magic_quotes removal should be done on demand instead of modifying the global arrays at startup.
This avoids unnecessary transformation of unused parameters, and could aid in integration with other frameworks that might also be trying to do the same transformations on their end, potentially corrupting input data under the current regime.
Heck, currently instantiating two WebRequest objects in the same script will corrupt your data if magic_quotes_gpc is on, as the de-slashing will run once for each object. :)
Note however that WebRequest::checkMagicQuotes() currently applies the slash fixes to $_COOKIE, $_SERVER, and $_ENV, which are accessed directly in various places. It might be wise to add relevant access functions for them onto WebRequest.
Version: 1.21.x
Severity: enhancement