• Registered: 2008-05-13
  • Posts: 414

Topic: Undo magic_quotes_gpc

Right now you have this code to undo magic_quotes_gpc in include/common.php:

// Strip slashes from GET/POST/COOKIE (if magic_quotes_gpc is enabled)
if (get_magic_quotes_gpc())
{
    function stripslashes_array($array)
    {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
    }

    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
    $_COOKIE = stripslashes_array($_COOKIE);
}

This does not work with more-than-two-dimensional arrays in $_POST (probably neither in $_GET and $_COOKIE), like this:

<input name="frm[pages][2]" ... />

This seems to have something to do with array_map(). Here is a quick fix:

if (get_magic_quotes_gpc())
{
    function check_arr (&$arr)
    {
        foreach ($arr as $elem)
        {
            if (is_array($elem))
                check_arr($elem);
            else
                $elem = stripslashes($elem);    // $elem is a reference to the array element, right?
        }                                                        // if not, just use $arr[$key] (add "$key =>" to the foreach loop)
        
        return;
    }
    
    check_arr($_GET);
    check_arr($_POST);
    check_arr($_COOKIE);
}

I haven't tested it yet, but I will do that tonight and post some test reports tomorrow.

Host your free FluxBB forum at FluxHosting.org!!!

My extensions
FluxBB.de - deutscher Support

lie2815's Website

  • From: MO, USA
  • Registered: 2008-05-12
  • Posts: 244

Re: Undo magic_quotes_gpc

You should do type hinting, because when your passing arrays to arguments you don't need to reference it for some reason.

function check_arr ( (array) $arr)
Clean Script - Programming Starting at just $5 | Web Development Blog | Mysql 5 Tutorials & Articles
Clean Script Webforum Powered By Flux (not official until Flux is Final smile)

Lamonte's Website

  • Smartys
  • Former FluxBB.org Developer
  • Offline
  • Registered: 2008-04-27
  • Posts: 2,094

Re: Undo magic_quotes_gpc

Thanks, I'll check it out

Smartys's Website

  • Registered: 2008-05-13
  • Posts: 414

Re: Undo magic_quotes_gpc

Tested it. Works like a charm (my version) wink

Thanks, Lamonte.

Host your free FluxBB forum at FluxHosting.org!!!

My extensions
FluxBB.de - deutscher Support

lie2815's Website

  • Reines
  • FluxBB.org Developer
  • Offline
  • From: Scotland
  • Registered: 2008-05-11
  • Posts: 775

Re: Undo magic_quotes_gpc

Are you sure the current setup doesn't work? It looks like it should since it's recursive until it gets to the "bottom" of the array?

Reines's Website

  • From: MO, USA
  • Registered: 2008-05-12
  • Posts: 244

Re: Undo magic_quotes_gpc

lie2815 wrote:

Thanks, Lamonte.

No problem

Are you sure the current setup doesn't work? It looks like it should since it's recursive until it gets to the "bottom" of the array?

lol no: recursion

From the get go the original script never was recursive wink

Also for better programming practice alway use brackets e.g..:

          if (is_array($elem)) {
                check_arr($elem);
           } else {
                $elem = stripslashes($elem);  
           }

Last edited by Lamonte (2008-08-13 16:07:54)

Clean Script - Programming Starting at just $5 | Web Development Blog | Mysql 5 Tutorials & Articles
Clean Script Webforum Powered By Flux (not official until Flux is Final smile)

Lamonte's Website

  • elbekko
  • FluxBB.org Developer
  • Offline
  • From: Leuven, Belgium
  • Registered: 2008-04-30
  • Posts: 817

Re: Undo magic_quotes_gpc

Also for better programming practice alway use brackets e.g..:

No. Just no. Especially if you write it like that.

Ben
SVN repository for my extensions - The thread
Quickmarks 0.5
“Question: How does a large software project get to be one year late? Answer: One day at a time!” - Fred Brooks

elbekko's Website

  • Reines
  • FluxBB.org Developer
  • Offline
  • From: Scotland
  • Registered: 2008-05-11
  • Posts: 775

Re: Undo magic_quotes_gpc

Lamonte wrote:

lol no: recursion

I know what recursion is, maybe I'm being an idiot here, but how isn't it recursive?

stripslashes_array is called on the original variable, if that is an array then stripslashes_array is called on each element in it, which then checks if that is an array and calls stripslashes_array on each element in it...and so on?

Reines's Website

  • elbekko
  • FluxBB.org Developer
  • Offline
  • From: Leuven, Belgium
  • Registered: 2008-04-30
  • Posts: 817

Re: Undo magic_quotes_gpc

http://en.wikipedia.org/wiki/Recursion_(computer_science)#Examples_of_recursively_defined_procedures_.28generative_recursion.29

That example there is pretty much what this function does. AKA, recursion.

Ben
SVN repository for my extensions - The thread
Quickmarks 0.5
“Question: How does a large software project get to be one year late? Answer: One day at a time!” - Fred Brooks

elbekko's Website

  • Registered: 2008-05-13
  • Posts: 414

Re: Undo magic_quotes_gpc

Whoops. Link not working correctly.

Host your free FluxBB forum at FluxHosting.org!!!

My extensions
FluxBB.de - deutscher Support

lie2815's Website

  • From: MO, USA
  • Registered: 2008-05-12
  • Posts: 244

Re: Undo magic_quotes_gpc

elbekko wrote:

Also for better programming practice alway use brackets e.g..:

No. Just no. Especially if you write it like that.

Lol who taught you how to code without brackets? They should kill them self.

On topic, Smarty could try remaking the array_walk_recursive function for php4 compatibility

if( !function_exists("array_walk_recursive") ) {

} else {

}

Last edited by Lamonte (2008-08-13 21:00:56)

Clean Script - Programming Starting at just $5 | Web Development Blog | Mysql 5 Tutorials & Articles
Clean Script Webforum Powered By Flux (not official until Flux is Final smile)

Lamonte's Website

  • elbekko
  • FluxBB.org Developer
  • Offline
  • From: Leuven, Belgium
  • Registered: 2008-04-30
  • Posts: 817

Re: Undo magic_quotes_gpc

I did. Using logic.
One statement = no block required.

Now you.

Ben
SVN repository for my extensions - The thread
Quickmarks 0.5
“Question: How does a large software project get to be one year late? Answer: One day at a time!” - Fred Brooks

elbekko's Website

  • From: Vienna, Austria
  • Registered: 2008-05-10
  • Posts: 245

Re: Undo magic_quotes_gpc

And this IS recursion.

http://www.fluxbb.de - Deutschsprachiges FluxBB Supportforum

Christian's Website

  • Reines
  • FluxBB.org Developer
  • Offline
  • From: Scotland
  • Registered: 2008-05-11
  • Posts: 775

Re: Undo magic_quotes_gpc

To revive this, the current way seems to work fine as far as I can see. Can someone enlighten me to the problem or should I close this?

Reines's Website

  • Smartys
  • Former FluxBB.org Developer
  • Offline
  • Registered: 2008-04-27
  • Posts: 2,094

Re: Undo magic_quotes_gpc

array_map does not work with multi-dimensional arrays. That is the problem.

Smartys's Website

  • Registered: 2008-05-13
  • Posts: 352

Re: Undo magic_quotes_gpc

Shouldn't be too hard to remodel it to use array_walk_recursive, is it?

  • Registered: 2008-05-13
  • Posts: 414

Re: Undo magic_quotes_gpc

array_walk_recursive is PHP 5...

Host your free FluxBB forum at FluxHosting.org!!!

My extensions
FluxBB.de - deutscher Support

lie2815's Website

  • Registered: 2008-05-13
  • Posts: 352

Re: Undo magic_quotes_gpc

Well, PHP4 is dead.
Officially dead since August.

Why caring to support it anymore?

Zend Framework is PHP only.

Even Midgard dropped PHP4 Support in the latest version, so did many of the other softwares.

PHP5 is out for over 4 years...

And as always, there are several alternatives in the comments on the php.net site at array_walk_recursive.

Last edited by Felix (2008-09-09 09:22:25)

  • From: Vienna, Austria
  • Registered: 2008-05-10
  • Posts: 245

Re: Undo magic_quotes_gpc

Felix, even if PHP4 is not supported anymore, it doesn't mean it isn't used by a lot of hosting providers anymore.

Indeed, looking at the comments on the php site is always profitable.

http://www.fluxbb.de - Deutschsprachiges FluxBB Supportforum

Christian's Website

  • Registered: 2008-05-13
  • Posts: 352

Re: Undo magic_quotes_gpc

Their fault in my opinion wink

The providers are hosting what people are asking for and as long as there is software working with PHP4 (and not using the benefits of PHP5) or even are JUST for PHP4 they will keep PHP4. Just due to software changing to PHP5 one gets the customers to see the need for PHP5 and therefor reaching the providers.

Just my 2 cents tho.

  • Reines
  • FluxBB.org Developer
  • Offline
  • From: Scotland
  • Registered: 2008-05-11
  • Posts: 775

Re: Undo magic_quotes_gpc

I'm still convinced the current code works perfectly. If you want to test yourself try this (output). If there is a problem when I can't see please just report this thread and I will re-open it.

Reines's Website

  • elbekko
  • FluxBB.org Developer
  • Offline
  • From: Leuven, Belgium
  • Registered: 2008-04-30
  • Posts: 817

Re: Undo magic_quotes_gpc

Indeed, the current function should work just fine.

Ben
SVN repository for my extensions - The thread
Quickmarks 0.5
“Question: How does a large software project get to be one year late? Answer: One day at a time!” - Fred Brooks

elbekko's Website

  • Smartys
  • Former FluxBB.org Developer
  • Offline
  • Registered: 2008-04-27
  • Posts: 2,094

Re: Undo magic_quotes_gpc

Hmm, I take back what I said (well, partly: I think I could use array_map to screw up multi-dimensional arrays, but the FluxBB function works fine). The code looks good.

Smartys's Website