Closed GoogleCodeExporter closed 9 years ago
Thanks for the report, although I don't see this information anywhere in the
docs.
Anyway, if you have an idea how to work around that without breaking
compatibility with older versions (and bad server setups), please tell me.
Otherwise I'll have to look for it myself.
Original comment by mewp...@gmail.com
on 3 Oct 2011 at 10:24
Hi, I have just removed the verification in this line and now use the
function stripslashes($value) directly, without executing get_magic_quotes_gpc().
I'm not sure about the impact of this change in previous versions, but as far
as I know that function is also deprecated in php 5.3
Original comment by dieg...@gmail.com
on 3 Oct 2011 at 10:48
This isn't a good general solution.
For example, a string: $str = 'asd\f';
Without magic quotes: stripslashes($str) == 'asdf'
With magic quotes: stripslashes($str) == 'asd\f'
Why? Because magic quotes would make the string 'asd\\f' (if it came from GET,
or something, of course).
So if I wanted to do something like this, I'd just remove the whole block.
I'd rather look for a general solution before doing it.
Also, magic_quotes are deprecated since php 5.3, but get_magic_quotes_gpc is
not, as it has to be used in order to maintain backwards compatibility. At
least that's how I understand the php.net docs (it isn't stated anywhere that
get_magic_quotes_gpc is deprecated).
Original comment by mewp...@gmail.com
on 3 Oct 2011 at 1:18
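The difference described in the comment above, as an added example that is not part of the original thread or the project's code. It simulates magic_quotes_gpc with addslashes(), which the PHP manual describes as equivalent, so both server setups can be compared on a current PHP; the function names and sample values are constructed for illustration.

```php
<?php
// Added example. magic_quotes_gpc is simulated with addslashes(); function
// names and sample values are constructed for illustration.

// What a script receives for a raw client value under each server setting.
function simulate_gpc($raw, bool $magicQuotesOn)
{
    if (is_array($raw)) {
        return array_map(fn($v) => simulate_gpc($v, $magicQuotesOn), $raw);
    }
    return $magicQuotesOn ? addslashes($raw) : $raw;
}

// Strip slashes only when magic quotes added them. Recurses because request
// parameters such as tags[]=x arrive as nested arrays.
function normalize_input($value, bool $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    if (is_array($value)) {
        return array_map(fn($v) => normalize_input($v, true), $value);
    }
    return stripslashes($value);
}

// Runtime check for a live server. get_magic_quotes_gpc() was removed in
// PHP 8.0, so the call is guarded.
function magic_quotes_active(): bool
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Constructed sample input containing backslashes and a quote.
$raw = ['name' => 'asd\f', 'tags' => ["O'Reilly", 'C:\temp']];

foreach ([true, false] as $on) {
    $received = simulate_gpc($raw, $on);

    // The unconditional stripslashes() proposed earlier in the thread.
    $blind = $received;
    array_walk_recursive($blind, function (&$v) { $v = stripslashes($v); });

    printf("magic quotes %-3s | unconditional: %-9s | conditional: %s\n",
        $on ? 'on' : 'off',
        $blind === $raw ? 'intact' : 'corrupted',
        normalize_input($received, $on) === $raw ? 'intact' : 'corrupted');
}
printf("this runtime reports magic quotes: %s\n", magic_quotes_active() ? 'on' : 'off');
```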
You can use the filter extension (http://php.net/filter) which takes into
consideration magic quotes when filtering variables from GET and POST.
Instead of:
$this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
Do:
$this->data = filter_input_array($_SERVER['REQUEST_METHOD'] === 'POST' ?
INPUT_POST : INPUT_GET, FILTER_UNSAFE_RAW);
Original comment by malterisio777
on 7 Oct 2011 at 7:19
Original comment by mewp...@gmail.com
on 9 Oct 2011 at 9:32
Original issue reported on code.google.com by
dieg...@gmail.com
on 3 Oct 2011 at 9:56