ElkArte Community

Elk Development => Feature Discussion => Exterminated Features => Topic started by: TestMonkey on May 13, 2013, 05:51:46 am

Title: On $modSettings['integrate_magic_quotes']
Post by: TestMonkey on May 13, 2013, 05:51:46 am
Just a quick bunch of thoughts that bug me.
$modSettings['integrate_magic_quotes'] is used in QueryString.php, cleanRequest(). It's, afaict, the only occurrence which needs the database loaded before executing cleanRequest().
I want to reverse the order of execution. For security reasons, and because frankly it doesn't quite make much sense to not be able to clean up the URL without loading the database first.

https://github.com/elkarte/Elkarte/blob/master/sources/QueryString.php#L92

This is even deprecated in PHP. But can you think of something I am missing here? Is this setting really used? Is there a scenario - PHP versions, bugs, security holes to fill manually (ah the joy) - where you really need to set up such an option for your site? And if there is, can't you do it otherwise than in the db?
If we rework cleanRequest() without this, we'd be able to do it before the database is loaded. I see that as a big gain. (It'd have saved some security issues in SMF we had, because the db init code was executed while a bunch of $_GLOBALS were still uncleaned.)
Thoughts?
Title: Re: On $modSettings['integrate_magic_quotes']
Post by: TE on May 13, 2013, 09:34:43 am
Never heard of this one.. A quick search on the SMF site returned this nice post from Arantor :) Arantor's post is for 2.0 RC3, so that hook was probably related to a bridge.
http://www.simplemachines.org/community/index.php?topic=371860.msg2548249#msg2548249
Maybe it was a needed feature (or just an implemented idea) for a specific bridge (at least the old bridges from Orstio don't use it) ?!?
Title: Re: On $modSettings['integrate_magic_quotes']
Post by: Arantor on May 13, 2013, 09:48:17 am
Orstio added it just in case a bridge ever needed to rely on certain magic quotes behaviour, i.e. a system that demanded magic quotes be on rather than the far more sane 'off'. But I don't think it's ever been used.
Title: Re: On $modSettings['integrate_magic_quotes']
Post by: Joshua Dickerson on May 13, 2013, 01:16:03 pm
Remove it. Remove everything to do with magic quotes and demand/require they be turned off :). Check that in the install.
Title: Re: On $modSettings['integrate_magic_quotes']
Post by: Arantor on May 13, 2013, 01:35:05 pm
In PHP 5.4 it's gone entirely anyway, so yes, it should be removed.
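
The reordering proposed in the first post and the install check suggested later in the thread, as an added PHP sketch that is not ElkArte or SMF code. All function names are hypothetical; the cleanup decides from PHP's own runtime state only, so it can run before any database or settings load.

```php
<?php
// Added illustration, not ElkArte/SMF code. All function names are hypothetical.

// True only where magic quotes still exist and are on. The feature was
// removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8.0.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Recursively undo the escaping on values and on array keys.
function strip_slashes_deep($value)
{
    if (!is_array($value)) {
        return is_string($value) ? stripslashes($value) : $value;
    }
    $clean = array();
    foreach ($value as $key => $item) {
        $key = is_string($key) ? stripslashes($key) : $key;
        $clean[$key] = strip_slashes_deep($item);
    }
    return $clean;
}

// Needs no $modSettings, so nothing from the database is required.
function clean_request_early(array $get, array $post, array $cookie, $quotesOn)
{
    if (!$quotesOn) {
        return array($get, $post, $cookie);
    }
    return array(strip_slashes_deep($get), strip_slashes_deep($post), strip_slashes_deep($cookie));
}

// Install-time check: returns an error message, or null when the setting is acceptable.
function install_check_magic_quotes()
{
    return magic_quotes_active() ? 'magic_quotes_gpc must be turned off before installing.' : null;
}

// Bootstrap order: clean the superglobals first, connect to the database afterwards.
list($_GET, $_POST, $_COOKIE) = clean_request_early($_GET, $_POST, $_COOKIE, magic_quotes_active());

// Constructed sample, forced through the "quotes on" path to show the effect.
$sample = array('topic' => 'O\\\'Brien', 'opts' => array('a\\"b' => 'x\\\\y'));
list($demo) = clean_request_early($sample, array(), array(), true);
var_dump($demo);
```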