zola2 / lightopenid

Automatically exported from code.google.com/p/lightopenid
0 stars 0 forks source link

Function used in lightopenid does not exist any more #48

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In php 5.4beta1 the function get_magic_quotes_gpc() is deprecated and has been 
removed.

As this library uses that function it's not working int php 5.4.

Original issue reported on code.google.com by dieg...@gmail.com on 3 Oct 2011 at 9:56

GoogleCodeExporter commented 8 years ago
Thanks for the report, although I don't see this information anywhere in the 
docs.

Anyway, if you have an idea how to work around that without breaking 
compatibility with older versions (and bad server setups), please tell me. 
Otherwise I'll have to look for it myself.

Original comment by mewp...@gmail.com on 3 Oct 2011 at 10:24

GoogleCodeExporter commented 8 years ago
Hi, I have just removed the verification in this line and I use directly the 
function stripslashes($value), without executing getmagic_quotes_gpc().

I'm not sure about the impact of this change in previous versions, but as far 
as I know that function is also deprecated in php 5.3

Original comment by dieg...@gmail.com on 3 Oct 2011 at 10:48

GoogleCodeExporter commented 8 years ago
This isn't a good general solution.

For example, a string: $str = 'asd\f';
Without magic quotes: stripslashes($str) == 'asdf'
With magic quotes: stripslashes($str) == 'asd\f'

Why? Because magic quotes would make the string 'asd\\f' (if it came from GET, 
or something, of course).

So if I wanted to do something like this, I'd just remove the whole block.

I'd rather look for a general solution before doing it.
Also, magic_quotes are deprecated since php 5.3, but get_magic_quotes_gpc is 
not, as it has to be used in order to maintain backwards compatibility. At 
least that's how I understand the php.net docs (it isn't stated anywhere that 
get_magic_quotes_gpc is deprecated).

Original comment by mewp...@gmail.com on 3 Oct 2011 at 1:18

GoogleCodeExporter commented 8 years ago
You can use the filter extension (http://php.net/filter) which takes into 
consideration magic quotes when filtering variables from GET and POST.

Instead of:

$this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;

Do:

$this->data = filter_input_array($_SERVER['REQUEST_METHOD'] === 'POST' ? 
INPUT_POST : INPUT_GET, FILTER_UNSAFE_RAW);

Original comment by malterisio777 on 7 Oct 2011 at 7:19

GoogleCodeExporter commented 8 years ago

Original comment by mewp...@gmail.com on 9 Oct 2011 at 9:32