View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
05377 | Bug reports | Installation | public | 2011-08-03 09:34 | 2011-08-04 12:29 |
Reporter | WAWANSUR | Assigned To | mot | ||
Priority | normal | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Product Version | 1.91+ | ||||
Fixed in Version | 1.91+ | ||||
Summary | 05377: magic quotes | ||||
Description | The function get_magic_quotes_gpc() is not supported by PHP6. | ||||
Tags | No tags attached. | ||||
Attached Files | 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff (9,513 bytes)
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/tokens.php
===================================================================
--- admin/tokens.php (revision 10605)
+++ admin/tokens.php (working copy)
@@ -787,7 +787,7 @@
 $fieldvalue['bounceaccounthost']=$_POST['bounceaccounthost']; }
- $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",get_magic_quotes_gpc());
+ $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",ls_get_magic_quotes_gpc());
 $tokenoutput .= "<div class='header ui-widget-header'>".$clang->gT("Bounce settings")."</div>\n" ."<div class='messagebox ui-corner-all'>" ."\t<div class='successheader'>".$clang->gT("Bounce settings have been saved.")."</div>\n"
Index: admin/browse.php
===================================================================
--- admin/browse.php (revision 10605)
+++ admin/browse.php (working copy)
@@ -200,7 +200,7 @@
 if ($id < 1) { $id = 1; } if (isset($_POST['sql']) && $_POST['sql']) {
- if (get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
+ if (ls_get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
 else {$idquery .= "{$_POST['sql']}";} } else {$idquery .= "$surveytable.id = $id";}
Index: admin/assessments.php
===================================================================
--- admin/assessments.php (revision 10605)
+++ admin/assessments.php (working copy)
@@ -60,7 +60,7 @@
 $datarray['id']=$aid; }
- $query = $connect->GetInsertSQL($inserttable, $datarray, get_magic_quotes_gpc());
+ $query = $connect->GetInsertSQL($inserttable, $datarray, ls_get_magic_quotes_gpc());
 $result=$connect->Execute($query) or safe_die("Error inserting<br />$query<br />".$connect->ErrorMsg()); if ($first==true) {
Index: admin/templates.php
===================================================================
--- admin/templates.php (revision 10605)
+++ admin/templates.php (working copy)
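Review bot: In the admin/browse.php hunk, `$_POST['sql']` is still appended to `$idquery` verbatim in both branches, so the request body becomes part of the SQL text with no escaping or binding. Wherever `ls_get_magic_quotes_gpc()` returns 0 the `else` branch is the only one that runs. If the parameter is meant to carry a filter built by another admin page, it would be safer to keep that filter server-side, or to rebuild it from validated column, operator and value parts with `$connect->qstr()` applied to each value. Until then a comment above the block, for example `// NOTE(review): $_POST['sql'] is raw SQL from the request - confirm the caller's permission check`, would make the trust assumption explicit. The enclosing block starts and ends outside the hunk, so any access check is not visible here.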
@@ -164,7 +164,7 @@
 if (isset ($_POST['changes'])) { $changedtext=$_POST['changes']; $changedtext=str_replace ('<?','',$changedtext);
- if(get_magic_quotes_gpc())
+ if(ls_get_magic_quotes_gpc())
 { $changedtext = stripslashes($changedtext); }
@@ -173,7 +173,7 @@
 if (isset ($_POST['changes_cp'])) { $changedtext=$_POST['changes_cp']; $changedtext=str_replace ('<?','',$changedtext);
- if(get_magic_quotes_gpc())
+ if(ls_get_magic_quotes_gpc())
 { $changedtext = stripslashes($changedtext); }
Index: admin/userrighthandling.php
===================================================================
--- admin/userrighthandling.php (revision 10605)
+++ admin/userrighthandling.php (working copy)
@@ -18,7 +18,7 @@
 if (isset($_POST['uid'])) {$postuserid=sanitize_int($_POST['uid']);} if (isset($_POST['ugid'])) {$postusergroupid=sanitize_int($_POST['ugid']);}
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
 {$_POST = array_map('recursive_stripslashes', $_POST);} $js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
Index: admin/labels.php
===================================================================
--- admin/labels.php (revision 10605)
+++ admin/labels.php (working copy)
@@ -22,7 +22,7 @@
 // unescaped strings in switch case //if (get_magic_quotes_gpc()) //$_POST = array_map('stripslashes', $_POST);
-if (isset($_POST['method']) && get_magic_quotes_gpc())
+if (isset($_POST['method']) && ls_get_magic_quotes_gpc())
 { $_POST['method'] = stripslashes($_POST['method']); }
Index: admin/database.php
===================================================================
--- admin/database.php (revision 10605)
+++ admin/database.php (working copy)
@@ -23,7 +23,7 @@
 $postqid=returnglobal('qid'); $postqaid=returnglobal('qaid');
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
 {$_POST = array_map('recursive_stripslashes', $_POST);}
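Review bot: In both admin/templates.php hunks (`changes` at -164 and `changes_cp` at -173) the `str_replace ('<?','',$changedtext)` filter runs before the `stripslashes()` step, so the text that is filtered is not the text that is finally kept. The unescape block should come first, so that the filter sees the final value. A single-pass removal of one token is also a blocklist, not a guarantee that saved template text is free of PHP. The real protection has to be the permission check on template editing and the fact that template files are never executed as PHP, and neither is visible in these hunks. Both enclosing `if` blocks continue outside the hunks.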
@@ -1119,7 +1119,7 @@
 'tokenlength'=>$_POST['tokenlength'] );
- $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, get_magic_quotes_gpc());
+ $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, ls_get_magic_quotes_gpc());
 if ($usquery) { $usresult = $connect->Execute($usquery) or safe_die("Error updating<br />".$usquery."<br /><br /><strong>".$connect->ErrorMsg()); // Checked }
Index: admin/http_importsurvey.php
===================================================================
--- admin/http_importsurvey.php (revision 10605)
+++ admin/http_importsurvey.php (working copy)
@@ -76,7 +76,7 @@
 { $surveyid = sanitize_int($_POST['copysurveylist']); $exclude = array();
- if (get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
+ if (ls_get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
 else{ $sNewSurveyName=$_POST['copysurveyname']; }
Index: admin/htmleditor-popup.php
===================================================================
--- admin/htmleditor-popup.php (revision 10605)
+++ admin/htmleditor-popup.php (working copy)
@@ -59,7 +59,7 @@
 else { $fieldname=$_GET['fieldname']; $fieldtext=$_GET['fieldtext'];
- if (get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
+ if (ls_get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
 $controlidena=$_GET['fieldname'].'_popupctrlena'; $controliddis=$_GET['fieldname'].'_popupctrldis';
Index: save.php
===================================================================
--- save.php (revision 10605)
+++ save.php (working copy)
@@ -513,7 +513,7 @@
 $_SESSION[$value] = json_encode($phparray); } }
- $values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
+ $values[] = $connect->qstr($_SESSION[$value], ls_get_magic_quotes_gpc());
 // filename is changed from undefined to a random value // update uses $_POST for saving responses $_POST[$value] = $_SESSION[$value];
@@ -540,7 +540,7 @@
 $_SESSION[$value]=$datetimeobj->convert("Y-m-d"); $_SESSION[$value]=$connect->BindDate($_SESSION[$value]); }
- $values[]=$connect->qstr($_SESSION[$value],get_magic_quotes_gpc());
+ $values[]=$connect->qstr($_SESSION[$value],ls_get_magic_quotes_gpc());
 } } }
Index: common_functions.php
===================================================================
--- common_functions.php (revision 10605)
+++ common_functions.php (working copy)
@@ -426,7 +426,7 @@
 // This functions escapes the string only inside { global $connect;
- if ($ispostvar) { return $connect->escape($str, get_magic_quotes_gpc());}
+ if ($ispostvar) { return $connect->escape($str, ls_get_magic_quotes_gpc());}
 else {return $connect->escape($str);} }
@@ -435,7 +435,7 @@
 // IF you are quoting a variable from a POST/GET then set $ispostvar to true so it doesnt get quoted twice. { global $connect;
- if ($ispostvar) { return $connect->qstr($str, get_magic_quotes_gpc());}
+ if ($ispostvar) { return $connect->qstr($str, ls_get_magic_quotes_gpc());}
 else {return $connect->qstr($str);} }
@@ -3945,11 +3945,27 @@
 return $result; }
+/**
+ * Gets the current configuration setting of magic_quotes_gpc
+ * Compat variant accross PHP versions incl. PHP 6
+ *
+ * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+ * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+ */
+function ls_get_magic_quotes_gpc() {
+ if (function_exists('get_magic_quotes_gpc')) {
+ $magic_quotes_gpc = get_magic_quotes_gpc();
+ } else {
+ $magic_quotes_gpc = 0;
+ }
+ return $magic_quotes_gpc;
+}
+
 // make sure the given string (which comes from a POST or GET variable) // is safe to use in MySQL. This does nothing if gpc_magic_quotes is on. function auto_escape($str) { global $connect;
- if (!get_magic_quotes_gpc()) {
+ if (!ls_get_magic_quotes_gpc()) {
 return $connect->escape($str); } return $str;
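Review bot: In the `@@ -3945` hunk, `ls_get_magic_quotes_gpc()` documents `@return int` but passes the native function's return value through unchanged, and the docblock has a typo (`accross`). The body can be one line that also pins the type: `return function_exists('get_magic_quotes_gpc') ? (int) get_magic_quotes_gpc() : 0;`. Separately, the unchanged comment on `auto_escape()` ("This does nothing if gpc_magic_quotes is on") shows that when magic quotes are enabled the value goes into SQL with only the backslashes PHP added, which is not database-aware escaping. A comment such as `// NOTE: relies on magic_quotes_gpc as the only escaping when it is enabled` would make that dependency visible to the next maintainer. `auto_escape()` ends outside the hunk.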
@@ -3960,8 +3976,9 @@
 // a SQL query. function auto_unescape($str) { if (!isset($str)) {return null;};
- if (!get_magic_quotes_gpc())
- return $str;
+ if (!ls_get_magic_quotes_gpc()) {
+ return $str;
+ }
 return stripslashes($str); } // make a string safe to include in an HTML 'value' attribute.
@@ -4300,7 +4317,7 @@
 } } $mail->AddCustomHeader("X-Surveymailer: $sitename Emailer (LimeSurvey.sourceforge.net)");
- if (get_magic_quotes_gpc() != "0") {$body = stripcslashes($body);}
+ if (ls_get_magic_quotes_gpc() != "0") {$body = stripcslashes($body);}
 if ($ishtml) { $mail->IsHTML(true); $mail->Body = $body;
@@ -7060,7 +7077,7 @@
 { return null; }
- $sanitized_token=$connect->qstr($token,get_magic_quotes_gpc());
+ $sanitized_token=$connect->qstr($token,ls_get_magic_quotes_gpc());
 $surveyid=sanitize_int($surveyid); $query="SELECT $attrName FROM {$dbprefix}tokens_$surveyid WHERE token=$sanitized_token";
05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff (1,196 bytes)
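Review bot: The mailer hunk (`@@ -4300`) keeps the loose comparison `ls_get_magic_quotes_gpc() != "0"` and unescapes with `stripcslashes()`, while every other call site in this patch tests the return value directly and uses `stripslashes()`. `stripcslashes()` also decodes C-style escapes such as `\n` and `\x41`, so a mail body that legitimately contains a backslash sequence is rewritten rather than just unquoted. Unless that decoding is intended, `if (ls_get_magic_quotes_gpc()) {$body = stripslashes($body);}` would match the rest of the code. The enclosing function starts and ends outside the hunk.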
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: common_functions.php
===================================================================
--- common_functions.php (revision 10605)
+++ common_functions.php (working copy)
@@ -3945,6 +3945,19 @@
 return $result; }
+if (!function_exists('get_magic_quotes_gpc')) {
+ /**
+ * Gets the current configuration setting of magic_quotes_gpc
+ * NOTE: Compat variant for PHP 6+ versions
+ *
+ * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+ * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+ */
+ function get_magic_quotes_gpc() {
+ return 0;
+ }
+}
+
 // make sure the given string (which comes from a POST or GET variable) // is safe to use in MySQL. This does nothing if gpc_magic_quotes is on. function auto_escape($str) {
@@ -3960,8 +3973,9 @@
 // a SQL query. function auto_unescape($str) { if (!isset($str)) {return null;};
- if (!get_magic_quotes_gpc()) {
- return $str;
+ if (!get_magic_quotes_gpc()) {
+ return $str;
+ }
 return stripslashes($str); } // make a string safe to include in an HTML 'value' attribute.
| ||||
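Review bot: The fallback `get_magic_quotes_gpc()` added in the `@@ -3945` hunk exists only after common_functions.php has been included. An entry point that calls the function before that include, or bundled third-party code served through its own script, would still stop with an undefined-function error on a PHP build without the native function. Whether such entry points exist is not visible from this hunk, so the load order is worth verifying. A comment above the `if` would record the constraint: `// Must be loaded before any bundled library that calls get_magic_quotes_gpc().` The definition sits inside a conditional block, so it only becomes available once this part of the file has executed.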
Bug heat | 6 | ||||
Complete LimeSurvey version number (& build) | 1.91 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | Mozilla | ||||
Database type & version | My SQL 5.5.8 | ||||
Server OS (if known) | Windows XP | ||||
Webserver software & version (if known) | Apache 2.217 | ||||
PHP Version | PHP6 | ||||
Forum post: :) |
|
I'm creating a patch right now. |
|
Added a patch. It works by replacing get_magic_quotes_gpc() with ls_get_magic_quotes_gpc() (mind the ls in front). The patch does not cover two external packages that still use the original function: kcfinder and adodb. The alternative would be to define the function, returning 0, if it does not exist. I'll do a second patch right away. |
|
Second patch attached, it's much less invasive and covers the external packages as well. It works by adding the function get_magic_quotes_gpc() if it does not exist and returning 0, because if the function does not exist, magic quotes are off (the feature is no longer available). |
|
mot, looks good, please commit. |
|
Committed in 10640. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2011-08-03 09:34 | WAWANSUR | New Issue | |
2011-08-03 09:50 | DenisChenu | Note Added: 15956 | |
2011-08-03 12:54 | mot | Note Added: 15957 | |
2011-08-03 13:03 | mot | File Added: 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff | |
2011-08-03 13:06 | mot | Note Added: 15958 | |
2011-08-03 13:13 | mot | File Added: 05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff | |
2011-08-03 13:15 | mot | Note Added: 15959 | |
2011-08-03 17:46 | c_schmitz | Note Added: 15967 | |
2011-08-03 17:46 | c_schmitz | Assigned To | => mot |
2011-08-03 17:46 | c_schmitz | Status | new => assigned |
2011-08-04 12:29 | mot | Note Added: 15977 | |
2011-08-04 12:29 | mot | Status | assigned => closed |
2011-08-04 12:29 | mot | Resolution | open => fixed |
2011-08-04 12:29 | mot | Fixed in Version | => 1.91+ |