Bug #57608 magic_quotes_gpc off, but still adding slashes
Submitted: 2007-04-05 04:59 UTC Modified: 2014-03-07 22:55 UTC
Avg. Score:3.0 ± 2.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: marc at bhosted dot nl Assigned: pajoye (profile)
Status: Closed Package: htscanner (PECL)
PHP Version: 5.2.1 OS: Linux version 2.4.21
Private report: No CVE-ID: None
 [2007-04-05 04:59 UTC] marc at bhosted dot nl
htscanner 0.8.1
PHP 5.2.1 as CGI (suphp).

Setting magic_quotes_gpc to off using .htaccess. 
phpinfo reports magic_quotes_gpc local is off, master is still on.

Testing this with a $_GET results in the slash still added

Reproduce code:
URL example: http://localhost/phpinfo.php?test=test'test

<IfModule mod_php.c>
        php_flag magic_quotes_gpc off
</IfModule>

phpinfo.php Source:

<?php
// Echo the raw GET parameter so any added backslash is visible
print $_GET['test'];
?>



<phpinfo reports local magic_quotes_gpc is off, master magic_quotes_gpc
is on>

Expected result:

Actual result:


 [2007-04-05 07:37 UTC] pierre dot php at gmail dot com
The magic quotes GPC are processed before the extensions get the hand. That means the input data is already processed.

The way it should work is to set the master off and set it back on using htscanner when necessary.

A fix may be present in php 5.3 (reverting the init calls, calling extension rinit).
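
The ordering described above means the local value reported by phpinfo() and the data actually delivered in $_GET can disagree. The following diagnostic is an added example, not code from this report or from htscanner: it decodes the parameter directly from the raw query string and compares it with what PHP placed in $_GET. It assumes PHP 5.2/5.3 (where magic_quotes_gpc exists) and magic_quotes_sybase = Off; the function names are hypothetical.

```php
<?php
// Added diagnostic, not code from the bug report. Assumes PHP 5.2/5.3,
// where magic_quotes_gpc still exists, and magic_quotes_sybase = Off.

// Decode one parameter straight from the raw query string, bypassing the
// $_GET array that PHP filled in before any extension request-init ran.
// The last occurrence wins, as it does for PHP's own parsing of plain names.
function raw_query_value($query, $name)
{
    $value = null;
    foreach (explode('&', $query) as $pair) {
        $parts = explode('=', $pair, 2);
        if (urldecode($parts[0]) === $name) {
            $value = isset($parts[1]) ? urldecode($parts[1]) : '';
        }
    }
    return $value;
}

// Compare the independently decoded value with what the script received.
function classify_input($raw, $seen)
{
    if ($raw === null || $seen === null) {
        return 'missing';
    }
    if (addslashes($raw) === $raw) {
        return 'inconclusive (value has no quote, backslash or NUL)';
    }
    if ($seen === $raw) {
        return 'not escaped';
    }
    if ($seen === addslashes($raw)) {
        return 'escaped';
    }
    return 'unexpected';
}

$name  = 'test'; // parameter used in the report's URL example
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$seen  = (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : null;

// Plain text output; the parameter value itself is never echoed back.
header('Content-Type: text/plain; charset=utf-8');
printf("local value (ini_get): %s\n", var_export(ini_get('magic_quotes_gpc'), true));
printf("php.ini value (get_cfg_var): %s\n", var_export(get_cfg_var('magic_quotes_gpc'), true));
printf("\$_GET['%s']: %s\n", $name, classify_input(raw_query_value($query, $name), $seen));
```

Requested with the report's URL example (?test=test'test), a result of "escaped" alongside a local value of off shows the situation described in this report.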
 [2007-04-05 07:38 UTC] pierre dot php at gmail dot com
I forgot to mention that php6 does not support magic quotes GPC anymore. As a reminder and a possible reason not to fix this problem in php 5.x
 [2007-05-13 19:49 UTC] cirox at x-provi dot de
It doesn't work setting the master off. register_globals and register_long_arrays don't work, too. They are both changeable by "PHP_INI_PERDIR".
 [2007-05-14 05:34 UTC] pierre dot php at gmail dot com
"It doesn't work setting the master off."

Last time I tried, it works well. Sadly cvs is currently broken (regarding magic_quotes_gpc), I will try it again as soon as it works again.

"register_globals and register_long_arrays don't work, too. They are both changeable by PHP_INI_PERDIR"

It is the same cause: php called the extension init after having processed the input data.

There are a couple of solutions to this problem. More about that once I know which one will work with 5.x and 6.x.

Sidenote: register_long_arrays is also removed from php in 6.x. That means only the sapi filters may be a problem (if they use ini settings).
 [2014-03-07 12:50 UTC] narf at devilix dot net
This should be closed ...
 [2014-03-07 22:55 UTC]
-Status: Suspended +Status: Closed
Last updated: Sun Nov 28 08:03:16 2021 UTC