I have a custom front end form which creates a custom post type post and have just discovered WordPress automatically escapes $_POST data in the same way that Magic Quotes does.
I have Magic Quotes disabled and have created a test form that I run on the same domain. When run on it’s own, no data is escaped. However when I run it as a page template for a WordPress page the raw $_POST data is escaped, i.e. using print_r($_POST) so before there has been any processing done.
I have also tried this with multiple themes and the same result.
Anyone know where / how to shut this off? Is there a filter I can suppress for this form?
Cheers.
No, but you can just run stripslashes on it.
Worth having a read of the trac bug here: https://core.trac.wordpress.org/ticket/18322
In short, you can use stripslashes as onetrickpony already mentioned, or wp_unslash, to remove the slashes from your $_POST vars.