View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 05377 | Bug reports | Installation | public | 2011-08-03 09:34 | 2011-08-04 12:29 |
| Reporter | WAWANSUR | Assigned To | mot | ||
| Priority | normal | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 1.91+ | ||||
| Fixed in Version | 1.91+ | ||||
| Summary | 05377: magic quotes | ||||
| Description | The function get_magic_quotes_gpc() is not support by PHP6. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff (9,513 bytes)
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/tokens.php
===================================================================
--- admin/tokens.php (revision 10605)
+++ admin/tokens.php (working copy)
@@ -787,7 +787,7 @@
$fieldvalue['bounceaccounthost']=$_POST['bounceaccounthost'];
}
- $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",get_magic_quotes_gpc());
+ $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",ls_get_magic_quotes_gpc());
$tokenoutput .= "<div class='header ui-widget-header'>".$clang->gT("Bounce settings")."</div>\n"
."<div class='messagebox ui-corner-all'>"
."\t<div class='successheader'>".$clang->gT("Bounce settings have been saved.")."</div>\n"
Index: admin/browse.php
===================================================================
--- admin/browse.php (revision 10605)
+++ admin/browse.php (working copy)
@@ -200,7 +200,7 @@
if ($id < 1) { $id = 1; }
if (isset($_POST['sql']) && $_POST['sql'])
{
- if (get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
+ if (ls_get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
else {$idquery .= "{$_POST['sql']}";}
}
else {$idquery .= "$surveytable.id = $id";}
Index: admin/assessments.php
===================================================================
--- admin/assessments.php (revision 10605)
+++ admin/assessments.php (working copy)
@@ -60,7 +60,7 @@
$datarray['id']=$aid;
}
- $query = $connect->GetInsertSQL($inserttable, $datarray, get_magic_quotes_gpc());
+ $query = $connect->GetInsertSQL($inserttable, $datarray, ls_get_magic_quotes_gpc());
$result=$connect->Execute($query) or safe_die("Error inserting<br />$query<br />".$connect->ErrorMsg());
if ($first==true)
{
Index: admin/templates.php
===================================================================
--- admin/templates.php (revision 10605)
+++ admin/templates.php (working copy)
@@ -164,7 +164,7 @@
if (isset ($_POST['changes'])) {
$changedtext=$_POST['changes'];
$changedtext=str_replace ('<?','',$changedtext);
- if(get_magic_quotes_gpc())
+ if(ls_get_magic_quotes_gpc())
{
$changedtext = stripslashes($changedtext);
}
@@ -173,7 +173,7 @@
if (isset ($_POST['changes_cp'])) {
$changedtext=$_POST['changes_cp'];
$changedtext=str_replace ('<?','',$changedtext);
- if(get_magic_quotes_gpc())
+ if(ls_get_magic_quotes_gpc())
{
$changedtext = stripslashes($changedtext);
}
Index: admin/userrighthandling.php
===================================================================
--- admin/userrighthandling.php (revision 10605)
+++ admin/userrighthandling.php (working copy)
@@ -18,7 +18,7 @@
if (isset($_POST['uid'])) {$postuserid=sanitize_int($_POST['uid']);}
if (isset($_POST['ugid'])) {$postusergroupid=sanitize_int($_POST['ugid']);}
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
{$_POST = array_map('recursive_stripslashes', $_POST);}
$js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
Index: admin/labels.php
===================================================================
--- admin/labels.php (revision 10605)
+++ admin/labels.php (working copy)
@@ -22,7 +22,7 @@
// unescaped strings in switch case
//if (get_magic_quotes_gpc())
//$_POST = array_map('stripslashes', $_POST);
-if (isset($_POST['method']) && get_magic_quotes_gpc())
+if (isset($_POST['method']) && ls_get_magic_quotes_gpc())
{
$_POST['method'] = stripslashes($_POST['method']);
}
Index: admin/database.php
===================================================================
--- admin/database.php (revision 10605)
+++ admin/database.php (working copy)
@@ -23,7 +23,7 @@
$postqid=returnglobal('qid');
$postqaid=returnglobal('qaid');
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
{$_POST = array_map('recursive_stripslashes', $_POST);}
@@ -1119,7 +1119,7 @@
'tokenlength'=>$_POST['tokenlength']
);
- $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, get_magic_quotes_gpc());
+ $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, ls_get_magic_quotes_gpc());
if ($usquery) {
$usresult = $connect->Execute($usquery) or safe_die("Error updating<br />".$usquery."<br /><br /><strong>".$connect->ErrorMsg()); // Checked
}
Index: admin/http_importsurvey.php
===================================================================
--- admin/http_importsurvey.php (revision 10605)
+++ admin/http_importsurvey.php (working copy)
@@ -76,7 +76,7 @@
{
$surveyid = sanitize_int($_POST['copysurveylist']);
$exclude = array();
- if (get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
+ if (ls_get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
else{
$sNewSurveyName=$_POST['copysurveyname'];
}
Index: admin/htmleditor-popup.php
===================================================================
--- admin/htmleditor-popup.php (revision 10605)
+++ admin/htmleditor-popup.php (working copy)
@@ -59,7 +59,7 @@
else {
$fieldname=$_GET['fieldname'];
$fieldtext=$_GET['fieldtext'];
- if (get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
+ if (ls_get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
$controlidena=$_GET['fieldname'].'_popupctrlena';
$controliddis=$_GET['fieldname'].'_popupctrldis';
Index: save.php
===================================================================
--- save.php (revision 10605)
+++ save.php (working copy)
@@ -513,7 +513,7 @@
$_SESSION[$value] = json_encode($phparray);
}
}
- $values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
+ $values[] = $connect->qstr($_SESSION[$value], ls_get_magic_quotes_gpc());
// filename is changed from undefined to a random value
// update uses $_POST for saving responses
$_POST[$value] = $_SESSION[$value];
@@ -540,7 +540,7 @@
$_SESSION[$value]=$datetimeobj->convert("Y-m-d");
$_SESSION[$value]=$connect->BindDate($_SESSION[$value]);
}
- $values[]=$connect->qstr($_SESSION[$value],get_magic_quotes_gpc());
+ $values[]=$connect->qstr($_SESSION[$value],ls_get_magic_quotes_gpc());
}
}
}
Index: common_functions.php
===================================================================
--- common_functions.php (revision 10605)
+++ common_functions.php (working copy)
@@ -426,7 +426,7 @@
// This functions escapes the string only inside
{
global $connect;
- if ($ispostvar) { return $connect->escape($str, get_magic_quotes_gpc());}
+ if ($ispostvar) { return $connect->escape($str, ls_get_magic_quotes_gpc());}
else {return $connect->escape($str);}
}
@@ -435,7 +435,7 @@
// IF you are quoting a variable from a POST/GET then set $ispostvar to true so it doesnt get quoted twice.
{
global $connect;
- if ($ispostvar) { return $connect->qstr($str, get_magic_quotes_gpc());}
+ if ($ispostvar) { return $connect->qstr($str, ls_get_magic_quotes_gpc());}
else {return $connect->qstr($str);}
}
@@ -3945,11 +3945,27 @@
return $result;
}
+/**
+ * Gets the current configuration setting of magic_quotes_gpc
+ * Compat variant accross PHP versions incl. PHP 6
+ *
+ * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+ * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+ */
+function ls_get_magic_quotes_gpc() {
+ if (function_exists('get_magic_quotes_gpc')) {
+ $magic_quotes_gpc = get_magic_quotes_gpc();
+ } else {
+ $magic_quotes_gpc = 0;
+ }
+ return $magic_quotes_gpc;
+}
+
// make sure the given string (which comes from a POST or GET variable)
// is safe to use in MySQL. This does nothing if gpc_magic_quotes is on.
function auto_escape($str) {
global $connect;
- if (!get_magic_quotes_gpc()) {
+ if (!ls_get_magic_quotes_gpc()) {
return $connect->escape($str);
}
return $str;
@@ -3960,8 +3976,9 @@
// a SQL query.
function auto_unescape($str) {
if (!isset($str)) {return null;};
- if (!get_magic_quotes_gpc())
- return $str;
+ if (!ls_get_magic_quotes_gpc()) {
+ return $str;
+ }
return stripslashes($str);
}
// make a string safe to include in an HTML 'value' attribute.
@@ -4300,7 +4317,7 @@
}
}
$mail->AddCustomHeader("X-Surveymailer: $sitename Emailer (LimeSurvey.sourceforge.net)");
- if (get_magic_quotes_gpc() != "0") {$body = stripcslashes($body);}
+ if (ls_get_magic_quotes_gpc() != "0") {$body = stripcslashes($body);}
if ($ishtml) {
$mail->IsHTML(true);
$mail->Body = $body;
@@ -7060,7 +7077,7 @@
{
return null;
}
- $sanitized_token=$connect->qstr($token,get_magic_quotes_gpc());
+ $sanitized_token=$connect->qstr($token,ls_get_magic_quotes_gpc());
$surveyid=sanitize_int($surveyid);
$query="SELECT $attrName FROM {$dbprefix}tokens_$surveyid WHERE token=$sanitized_token";
05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff (1,196 bytes)
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: common_functions.php
===================================================================
--- common_functions.php (revision 10605)
+++ common_functions.php (working copy)
@@ -3945,6 +3945,19 @@
return $result;
}
+if (!function_exists('get_magic_quotes_gpc')) {
+ /**
+ * Gets the current configuration setting of magic_quotes_gpc
+ * NOTE: Compat variant for PHP 6+ versions
+ *
+ * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+ * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+ */
+ function get_magic_quotes_gpc() {
+ return 0;
+ }
+}
+
// make sure the given string (which comes from a POST or GET variable)
// is safe to use in MySQL. This does nothing if gpc_magic_quotes is on.
function auto_escape($str) {
@@ -3960,8 +3973,9 @@
// a SQL query.
function auto_unescape($str) {
if (!isset($str)) {return null;};
- if (!get_magic_quotes_gpc())
- return $str;
+ if (!get_magic_quotes_gpc()) {
+ return $str;
+ }
return stripslashes($str);
}
// make a string safe to include in an HTML 'value' attribute.
| ||||
| Bug heat | 6 | ||||
| Complete LimeSurvey version number (& build) | 1.91 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | Mozilla | ||||
| Database type & version | My SQL 5.5.8 | ||||
| Server OS (if known) | Windows XP | ||||
| Webserver software & version (if known) | Apache 2.217 | ||||
| PHP Version | PHP6 | ||||
 |
Forum post: :) |
 |
I'm creating a patch right now. |
|
|
Added a patch. It works by replacing get_magic_quotes_gpc() with ls_get_magic_quotesgpc() (mind the ls in front). The patch does not reflect two external packages that still make use of it: kcfinder and adodb. The alternative would be to create the function if it does not exist returning 0. I'll do a second patch right away. |
|
|
Second patch attached, it's much less inversive and reflects external packages as well. It works by adding the function get_magic_quotes_gpc() if it does not exists and returning 0 because if the function does not exists, magic quotes are off (the feature is not available any longer). |
 |
mot, looks good, please commit. |
|
|
Committed in 10640. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-08-03 09:34 | WAWANSUR | New Issue | |
| 2011-08-03 09:50 | DenisChenu | Note Added: 15956 | |
| 2011-08-03 12:54 | mot | Note Added: 15957 | |
| 2011-08-03 13:03 | mot | File Added: 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff | |
| 2011-08-03 13:06 | mot | Note Added: 15958 | |
| 2011-08-03 13:13 | mot | File Added: 05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff | |
| 2011-08-03 13:15 | mot | Note Added: 15959 | |
| 2011-08-03 17:46 | c_schmitz | Note Added: 15967 | |
| 2011-08-03 17:46 | c_schmitz | Assigned To | => mot |
| 2011-08-03 17:46 | c_schmitz | Status | new => assigned |
| 2011-08-04 12:29 | mot | Note Added: 15977 | |
| 2011-08-04 12:29 | mot | Status | assigned => closed |
| 2011-08-04 12:29 | mot | Resolution | open => fixed |
| 2011-08-04 12:29 | mot | Fixed in Version | => 1.91+ |
