ThreeStrikesSpam Mystery

I’ve been trying to figure out where these extra escaped slashes were coming from in my comments… I finally tracked it down to some code in ThreeStrikesSpam, the plugin I used to block comment SPAM.

The code activates when a comment is being processed, before wp-comment-post.php actually executes and posts the comment into the WordPress database.

The problem occurs because there’s some code that calls add_magic_quotes() to make sure that everything is “parsed, cleaned, and stripped corrected” in ThreeStrikesSpam.php. The same function is called again in wp-comments-post.php, which double-encodes slashes and screws up single and double-quotes in the comments.

My guess is that I should disable the add_magic_quotes() call in wp-coments-post.php, since some of the function calls in 3SS probably depend on having escaped strings to work properly; I haven’t looked too closely at this yet.