search

gWorldz / get-simple-cms

Automatically exported from code.google.com/p/get-simple-cms
GNU General Public License v3.0
0 stars 0 forks source link

Backslashes removed when saving page (if magic quotes gpc On) #278

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Another issue related to magic quotes gpc: if enabled (usually PHP 5.2.x), 
backslashes ("\") in a page's title or content disappear when you save the page.
It doesn't happen with magic quotes gpc disabled (default setting for PHP 5.3.x)

http://get-simple.info/forum/post/21282/#p21282

More info:
http://get-simple.info/forum/post/21283/#p21283

Suggested patch:
admin/inc/basic.php, line 616. Insert:

$text=str_replace('\\', '\\\\', $text);

(just after the "$text = htmlentities..." line)

Another approach could be: replacing every backslash by the html code \
I think this would do no harm. Line 612, the 'if' sentence would be changed to 
(new lines with "//NEW"):

    if (get_magic_quotes_gpc()==0) {
        $text = addslashes(htmlentities($text, ENT_QUOTES, 'UTF-8'));
        $text=str_replace('\\\\', '\', $text); // NEW
    } else {
        $text = htmlentities($text, ENT_QUOTES, 'UTF-8');
        $text=str_replace('\\', '\', $text); // NEW
    }

Original issue reported on code.google.com by carnav on 4 Jan 2012 at 2:21

GoogleCodeExporter commented 9 years ago 
sorry for being ignorant here... but where does the \\\\ come from? Does 
magicquotes add 4 slashes when it's turned on?

Original comment by ccagle8 on 4 Jan 2012 at 4:37

GoogleCodeExporter commented 9 years ago 
<?php echo '\\ \\\\'; ?>
result:
\ \\

Original comment by carnav on 4 Jan 2012 at 4:52

GoogleCodeExporter commented 9 years ago 
I also noticed a problem when editing theme files if there are backslashes.
Example: if you edit template.php (in the backend), insert <?php echo '\\'; ?> 
somewhere, and save it, it is changed to <?php echo '\'; ?> and the site is 
then broken.

Maybe this could make another issue...

Original comment by carnav on 4 Jan 2012 at 5:31

GoogleCodeExporter commented 9 years ago 
r620 has fixed the theme-edit issue in my last comment.

Going back to this issue about page saving... FYI the same problem happens when 
saving components that have one or more backslashes (if get_magic_quotes_gpc 
on).
It's because components.php also uses the safe_slash_html() function (basic.php)

Original comment by carnav on 7 Jan 2012 at 9:56

GoogleCodeExporter commented 9 years ago 
I'm sorry...
I've been able to test this in a server with php 5.2 and get_magic_quotes_gpc 
on, and works ok, no slashes removed.

So it seems it's something in my local test server (XAMPP)

(I hadn't been able to test this in my usual webhost, as it had upgraded php to 
5.3 and doesn't let me enable magic quotes.)

So, unless you or someone else has this problem (backslashes removed when 
saving page or component), please discard this issue.

Original comment by carnav on 13 Jan 2012 at 10:32

GoogleCodeExporter commented 9 years ago 
thanks for reporting back carnav. I gladly will close it...

Original comment by ccagle8 on 14 Jan 2012 at 2:24

GoogleCodeExporter commented 9 years ago 
Do we at least detect this in health check ?
Perhaps we should.

Original comment by tablatronics on 24 Jul 2012 at 1:57