php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #52221 Misbehaviour of magic_quotes_runtime (get/set))
Submitted: 2010-07-01 14:13 UTC Modified: 2010-09-15 14:40 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: m dot philipp at coreto dot de Assigned: mysql (profile)
Status: Closed Package: MySQLi related
PHP Version: 5.3.2 OS: Any (if using mysqlnd)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: m dot philipp at coreto dot de
New email:
PHP Version: OS:

 

 [2010-07-01 14:13 UTC] m dot philipp at coreto dot de 
Description:
------------
The documentation lists the get_magic_quotes_runtime() / set_magic_quotes_runtime() functions as DEPRECATED as of this PHP version. They still exist and can be called, but already work inconsistent. When magic_quotes_runtime 
file_get_contents() still escapes data, mysqli_fetch_assoc() does not anymore.

Test script:
---------------
<?php
set_magic_quotes_runtime(1);
echo "GMQR: ";
var_dump(get_magic_quotes_runtime());

$c = mysqli_connect();
mysqli_select_db($c, "test");
$r = mysqli_query($c, "select t from test;");
$ra = mysqli_fetch_assoc($r);
echo "\nDB test:\n" . $ra['t'];



$f = file_get_contents("test.txt");
echo "\n\nfile test.txt:\n" . $f;

----
Content of "test.txt" and table "t":
backslash: \
slash: /
double backslash: \\
quotes: "
single quotes: ' 



Expected result:
----------------
Expecting similar behaviour from both function calls, dependent of the acutal magic_quotes_runtime setting.
-OR-
throwing a fatal or catchable_fatal error that unexpectet results can occur. A function thould be completely removed instead of marked as deprecated, when it starts to stop working like before.

Actual result:
--------------
Deprecated:  Function set_magic_quotes_runtime() is deprecated in test.php on line 1

GMQR: int(1)

DB test:
backslash: \
slash: /
double backslash: \\
quotes: "
single quotes: ' 

file test.txt:
backslash: \\
slash: /
double backslash: \\\\
quotes: \"
single quotes: \'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-19 07:54 UTC] m dot philipp at coreto dot de
-Package: Documentation problem +Package: Scripting Engine problem
 [2010-07-19 07:54 UTC] m dot philipp at coreto dot de 
Package correction
 [2010-08-01 23:23 UTC] felipe@php.net
-Package: Scripting Engine problem +Package: MySQLi related
 [2010-08-14 01:15 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql
 [2010-08-25 15:55 UTC] uw@php.net
-Status: Assigned +Status: Wont fix -Package: MySQLi related +Package: Documentation problem
 [2010-08-25 15:55 UTC] uw@php.net 
mysqlnd does not support magic quotes any more. It is a deprecated feature and mysqlnd is new. The documentation should note that.
 [2010-08-25 16:22 UTC] philip@php.net
-Status: Wont fix +Status: Assigned
 [2010-08-25 16:27 UTC] andrey@php.net 
It should be documented that mysqlnd is a new development and doesn't implement magic quotes. PDO is a new development too, and doesn't implement magic quotes too. What can be done is adding a php_error_docref(E_WARNING) at MINIT/RINIT which will tell the developer that if mysqlnd is active and magic_quotes is set that it won't work with mysqli. Also a warning can be thrown at every mysqli call.
 [2010-08-25 16:28 UTC] andrey@php.net
-Status: Assigned +Status: Verified -Assigned To: mysql +Assigned To:
 [2010-08-25 16:28 UTC] andrey@php.net 
Doc Problem, not for user mysql.
 [2010-08-25 16:32 UTC] uw@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: mysql
 [2010-08-25 16:32 UTC] uw@php.net 
Getting quite unsure about the won't fix after discussion with Johannes. Johannes is correct in arguing that the silent removal of a deprecated feature could break apps unexpectedly, which is bad because magic quotes has some security impact. 

Maybe adding magic quotes (although they are deprecated) to mysqlnd and throwing a deprecation warning would be best?

Phillip, thoughts? You re-opened it. Not sure if you noticed I had changed the category/package: Did you intend to re-open as docs or code issue?
 [2010-08-25 17:06 UTC] andrey@php.net 
Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=302776
Log: Fix for bug #52221 Misbehaviour of magic_quotes_runtime (get/set))
 [2010-08-25 22:20 UTC] philip@php.net 
I reopened it after reading "The documentation should note that" but personally I 
think MQ should work the same everywhere.
 [2010-08-26 17:21 UTC] andrey@php.net
-Status: Assigned +Status: Verified
 [2010-08-26 17:21 UTC] andrey@php.net 
Fixed, to work like libmysql, in 5.3.4 
Documentation might need to be updated to state that it didn't work between 5.3.0 and 5.3.4
 [2010-09-03 16:22 UTC] uw@php.net
-Operating System: Windows Server 2008 R2 +Operating System: Any (if using mysqlnd)
 [2010-09-03 16:22 UTC] uw@php.net 
Andrey, 

please have a look at the new test mysqli_magic_quotes.phpt. If I am not mistaken it will pass with libmysql but fail with mysqlnd.

Thanks!
 [2010-09-03 16:23 UTC] uw@php.net
-Package: Documentation problem +Package: MySQLi related
 [2010-09-03 16:23 UTC] uw@php.net 
Setting back to code bug. After the fix it also needs to be documented.
 [2010-09-15 14:40 UTC] uw@php.net
-Status: Verified +Status: Closed
 [2010-09-15 14:40 UTC] uw@php.net 
Fixed - http://news.php.net/php.cvs/63486 . Target version is 5.3.4.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Dec 18 08:01:27 2024 UTC