
Prevent WordPress' default input sanitization


Here's an insanely simple hack-y idea

At the top of /index.php, before WP gets its greedy little fingers on your incoming data, add this line:

    $_SPOST = null;
    if (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
        $_SPOST = $_POST;
    }

Then whenever you know you'll be passing code content back to the browser

    <?php
    // PHP code for action.php file
    echo $_SPOST['mycode']; // This output will have all the special characters escaped
    // I need this to give me the original text entered by the user without /s.
    ?>

But wait, there's more... we can hook back up within the WordPress ecosystem and transform our post after it's been fiddled with and sanitized.

This page gave me the idea to use parse_request, which fires once all query variables for the current request have been parsed.

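    function use_spost() {
        global $_SPOST; // $_SPOST is an ordinary global, not a superglobal, so import it into function scope
        if (isset($_SPOST)) $_POST = $_SPOST;
    }
    add_action('parse_request', 'use_spost', 1);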


You should be able to use the sanitize_text_field filter:

    /**
     * Filters the output from sanitize_text_field
     * @param $filtered string - the sanitized string
     * @param $original_string string - the original unsanitized string
     *
     * @return string - the unsanitized string
     */
    add_filter( 'sanitize_text_field', static function( $filtered, $original_string ) {
        return $original_string;
    }, 10, 2 );

Basically, rather than returning the filtered string through the private _sanitize_text_field method, you return the original string that was passed into the input.

You can do the same thing for textareas using: sanitize_textarea_field


stripslashes_deep($_POST['mycode']) should work. This WordPress function uses the PHP built-in function stripslashes, while looping through an array or object. See the code reference for more information.

WordPress is adding these slashes for backwards compatibility with magic quotes. There has been some discussion about this for the past 10 years as you can tell from this bug report.
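An added example, not taken from any of the answers above: recovering one slashed field with wp_unslash() and escaping it only at output, so nothing has to be switched off site-wide. It runs with plain `php`; the two shims are simplified stand-ins for the WordPress functions of the same name, `raw_post_field()` is a hypothetical helper, and the sample input is constructed.

```php
<?php
// Shims so the script runs outside WordPress (simplified stand-ins, assumption:
// core slashes request data with addslashes() semantics and wp_unslash() reverses it).
if (!function_exists('wp_unslash')) {
    function wp_unslash($value) {
        if (is_array($value)) {
            return array_map('wp_unslash', $value);
        }
        return is_string($value) ? stripslashes($value) : $value;
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

/**
 * Hypothetical helper: return a single POST field as the user typed it.
 * Only the requested key is unslashed; the rest of the request is untouched.
 */
function raw_post_field(array $post, string $key): ?string {
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null; // missing, or an array where a string was expected
    }
    return wp_unslash($post[$key]);
}

// Constructed sample: what the user typed, and what $_POST holds after slashing.
$typed   = 'echo "it\'s <b>raw</b>"; $path = \'C:\\temp\';';
$slashed = array('mycode' => addslashes($typed));

$code = raw_post_field($slashed, 'mycode');

// The unslashed value matches the typed text byte for byte.
var_dump($code === $typed);

// Store or process $code as-is; escape at the point of output so the
// submitted markup is displayed as text rather than interpreted by the browser.
echo '<pre>' . esc_html($code) . "</pre>\n";
```

Inside WordPress the shims are skipped and the call becomes `raw_post_field($_POST, 'mycode')`, normally after a nonce and capability check.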