php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10372 php addslashes() the entire page
Submitted: 2001-04-18 02:49 UTC Modified: 2002-06-18 18:27 UTC
From: hiryuu at envisiongames dot net Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 4.0.4 OS: Apache 1.3.14 / Debian 2.2
Private report: No CVE-ID: None
 [2001-04-18 02:49 UTC] hiryuu at envisiongames dot net
PHP will intermittently produce a page where all quotes 
are backslashed, such as:

<body bgcolor=\"000000\" text=\"ffffff\" link=\"ffffff\" 
vlink=\"ffffff\"
  alink=\"c0c0c0\" leftmargin=\"0\" topmargin=\"0\" 
marginwidth=\"0\"
  marginheight=\"0\">

<table width=\"100%\" height=\"100%\" border=\"0\" 
cellspacing=\"0\"
  cellpadding=\"0\">
<tr>

This particular page is produced using a template system, 
so it has passed through file(), join, spliti, 
str_replace, and echo.

The original data (in the file) contained no backslashes 
and all magic quotes-related options are off (at least, 
according to phpinfo).  The phpinfo output is not affected 
by this.

This is a vhosting server and one site (not this one) has 
magic_quotes_gpc and magic_quotes_runtime enabled in their 
.htaccess file.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-18 02:56 UTC] cynic@php.net
IIRC there was some odd interaction between session_start() and include(). Try upgrading to pl1 or higher (RC5 or current snapshot) and see if it persists.
 [2001-05-16 00:59 UTC] sniper@php.net
no feedback, considered fixed.

--Jani

 [2001-07-16 04:05 UTC] hiryuu at envisiongames dot net
This bug continues, but further tracking has traced it to file() addslashing the template file.  The issue is the same as described in bug #11042 (http://www.php.net/bugs.php?id=11042).
 [2002-06-18 18:27 UTC] sniper@php.net
..and that one was bogused.

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC