PHP :: Bug #57608 :: magic_qoutes_gpc off, but still adding slashes

Bug #57608

magic_qoutes_gpc off, but still adding slashes

Submitted:

2007-04-05 04:59 UTC

Modified:

2014-03-07 22:55 UTC

Votes:	2
Avg. Score:	3.0 ± 2.0
Reproduced:	1 of 2 (50.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

marc at bhosted dot nl

Assigned:

pajoye (profile)

Status:

Closed

Package:

htscanner (PECL)

PHP Version:

5.2.1

OS:

Linux version 2.4.21

Private report:

CVE-ID:

None

View Developer Edit

[2007-04-05 04:59 UTC] marc at bhosted dot nl

Description:
------------
Description:
------------
Using:
htscanner 0.8.1
PHP 5.2.1 as CGI (suphp).

Setting magic_quotes_gpc to off using .htaccess. 
phpinfo reports magic_quotes_gpc local is off, master is still on.

Testing this with a $_GET results in the slash still added


Reproduce code:
---------------
URL example: http://localhost/phpinfo.php?test=test'test

.htaccess:
<IfModule mod_php.c>
        php_flag magic_quotes_gpc off
</IfModule>

phpinfo.php Source:
<?php

print $_GET['test'];

phpinfo();

?>

<phpinfo reports local magic_quotes_gpc is off, master magic_quotes_gpc
is on>

Expected result:
----------------
test'test


Actual result:
--------------
test\'test

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-04-05 07:37 UTC] pierre dot php at gmail dot com

The magic quotes GPC are processed before the extensions get the hand. That means the input data is already processed.

The way it should work is to set the master off and set it back on using htscanner when necessary.

A fix may be present in php 5.3 (reverting the init calls, calling extension rinit).

[2007-04-05 07:38 UTC] pierre dot php at gmail dot com

I forgot to mention that php6 does not support magic quotes GPC anymore. As a reminder and a possible reason to do not fix this problem in php 5.x

[2007-05-13 19:49 UTC] cirox at x-provi dot de

It doesnt work setting the master off. register_globals and register_long_arrays doesnt work, too. They both changeable by "PHP_INI_PERDIR".

[2007-05-14 05:34 UTC] pierre dot php at gmail dot com

"It doesnt work setting the master off."

Last time I tried, it works well. Sadly cvs is currently broken (regarding magic_quotes_gpc), I will try it again as soon as it works again.

"register_globals and register_long_arrays doesnt work, too. They both changeable by PHP_INI_PERDIR"

it is the same cause, php called the extension init after having processed the input data.

There is a couple of solution to this problem. More about that once I know which one will work with 5.x and 6.x.

Sidenote: register_long_arrays is also removed from php in 6.x. That means only the sapi filters may be a problem (if it they use ini settings).

[2014-03-07 12:50 UTC] narf at devilix dot net

This should be closed ...

[2014-03-07 22:55 UTC] martynas@php.net

-Status: Suspended +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 12:01:31 2024 UTC