Anonymous Login
2016-09-24 22:48 CEST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
05377Bug reports[All Projects] Installationpublic2011-08-04 12:29
ReporterWAWANSUR 
Assigned Tomot 
PrioritynormalSeverityminor 
StatusclosedResolutionfixed 
Product Version1.91+ 
Target VersionFixed in Version1.91+ 
Summary05377: magic quotes
DescriptionThe function get_magic_quotes_gpc() is not support by PHP6.
This function in common_function.php lines 3952
Complete LimeSurvey version number (& build)1.91
I will donate to the project if issue is resolvedNo
BrowserMozilla
Database & DB-VersionMy SQL 5.5.8
Operating System (Server)Windows XP
Webserver software & versionApache 2.217
PHP VersionPHP6
Attached Files
  • diff file icon 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff (9,513 bytes) 2011-08-03 13:03 -
    ### Eclipse Workspace Patch 1.0
    #P Limesurvey 1.x trunk stable
    Index: admin/tokens.php
    ===================================================================
    --- admin/tokens.php	(revision 10605)
    +++ admin/tokens.php	(working copy)
    @@ -787,7 +787,7 @@
                                 $fieldvalue['bounceaccounthost']=$_POST['bounceaccounthost'];
                             }
     
    -    $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",get_magic_quotes_gpc());
    +    $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",ls_get_magic_quotes_gpc());
         $tokenoutput .= "<div class='header ui-widget-header'>".$clang->gT("Bounce settings")."</div>\n"
         ."<div class='messagebox ui-corner-all'>"
         ."\t<div class='successheader'>".$clang->gT("Bounce settings have been saved.")."</div>\n"
    Index: admin/browse.php
    ===================================================================
    --- admin/browse.php	(revision 10605)
    +++ admin/browse.php	(working copy)
    @@ -200,7 +200,7 @@
         if ($id < 1) { $id = 1; }
         if (isset($_POST['sql']) && $_POST['sql'])
         {
    -        if (get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
    +        if (ls_get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
             else {$idquery .= "{$_POST['sql']}";}
         }
         else {$idquery .= "$surveytable.id = $id";}
    Index: admin/assessments.php
    ===================================================================
    --- admin/assessments.php	(revision 10605)
    +++ admin/assessments.php	(working copy)
    @@ -60,7 +60,7 @@
                 $datarray['id']=$aid;
             }
     
    -        $query = $connect->GetInsertSQL($inserttable, $datarray, get_magic_quotes_gpc());
    +        $query = $connect->GetInsertSQL($inserttable, $datarray, ls_get_magic_quotes_gpc());
             $result=$connect->Execute($query) or safe_die("Error inserting<br />$query<br />".$connect->ErrorMsg());
             if ($first==true)
             {
    Index: admin/templates.php
    ===================================================================
    --- admin/templates.php	(revision 10605)
    +++ admin/templates.php	(working copy)
    @@ -164,7 +164,7 @@
     if (isset ($_POST['changes'])) {
        $changedtext=$_POST['changes'];
        $changedtext=str_replace ('<?','',$changedtext);
    -   if(get_magic_quotes_gpc())
    +   if(ls_get_magic_quotes_gpc())
        {
            $changedtext = stripslashes($changedtext);
        }
    @@ -173,7 +173,7 @@
     if (isset ($_POST['changes_cp'])) {
        $changedtext=$_POST['changes_cp'];
        $changedtext=str_replace ('<?','',$changedtext);
    -   if(get_magic_quotes_gpc())
    +   if(ls_get_magic_quotes_gpc())
        {
            $changedtext = stripslashes($changedtext);
        }
    Index: admin/userrighthandling.php
    ===================================================================
    --- admin/userrighthandling.php	(revision 10605)
    +++ admin/userrighthandling.php	(working copy)
    @@ -18,7 +18,7 @@
     if (isset($_POST['uid'])) {$postuserid=sanitize_int($_POST['uid']);}
     if (isset($_POST['ugid'])) {$postusergroupid=sanitize_int($_POST['ugid']);}
     
    -if (get_magic_quotes_gpc())
    +if (ls_get_magic_quotes_gpc())
     {$_POST  = array_map('recursive_stripslashes', $_POST);}
     
     $js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
    Index: admin/labels.php
    ===================================================================
    --- admin/labels.php	(revision 10605)
    +++ admin/labels.php	(working copy)
    @@ -22,7 +22,7 @@
     // unescaped strings in switch case
     //if (get_magic_quotes_gpc())
     //$_POST  = array_map('stripslashes', $_POST);
    -if (isset($_POST['method']) && get_magic_quotes_gpc())
    +if (isset($_POST['method']) && ls_get_magic_quotes_gpc())
     {
         $_POST['method']  = stripslashes($_POST['method']);
     }
    Index: admin/database.php
    ===================================================================
    --- admin/database.php	(revision 10605)
    +++ admin/database.php	(working copy)
    @@ -23,7 +23,7 @@
     $postqid=returnglobal('qid');
     $postqaid=returnglobal('qaid');
     
    -if (get_magic_quotes_gpc())
    +if (ls_get_magic_quotes_gpc())
     {$_POST  = array_map('recursive_stripslashes', $_POST);}
     
     
    @@ -1119,7 +1119,7 @@
                                 'tokenlength'=>$_POST['tokenlength']
             );
     
    -        $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, get_magic_quotes_gpc());
    +        $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, ls_get_magic_quotes_gpc());
             if ($usquery) {
                 $usresult = $connect->Execute($usquery) or safe_die("Error updating<br />".$usquery."<br /><br /><strong>".$connect->ErrorMsg());  // Checked
             }
    Index: admin/http_importsurvey.php
    ===================================================================
    --- admin/http_importsurvey.php	(revision 10605)
    +++ admin/http_importsurvey.php	(working copy)
    @@ -76,7 +76,7 @@
     {
         $surveyid = sanitize_int($_POST['copysurveylist']);
         $exclude = array();
    -    if (get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
    +    if (ls_get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
         else{
             $sNewSurveyName=$_POST['copysurveyname'];
         }
    Index: admin/htmleditor-popup.php
    ===================================================================
    --- admin/htmleditor-popup.php	(revision 10605)
    +++ admin/htmleditor-popup.php	(working copy)
    @@ -59,7 +59,7 @@
     else {
         $fieldname=$_GET['fieldname'];
         $fieldtext=$_GET['fieldtext'];
    -    if (get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
    +    if (ls_get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
         $controlidena=$_GET['fieldname'].'_popupctrlena';
         $controliddis=$_GET['fieldname'].'_popupctrldis';
     
    Index: save.php
    ===================================================================
    --- save.php	(revision 10605)
    +++ save.php	(working copy)
    @@ -513,7 +513,7 @@
                                 $_SESSION[$value] = json_encode($phparray);
                             }
                         }
    -                    $values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
    +                    $values[] = $connect->qstr($_SESSION[$value], ls_get_magic_quotes_gpc());
                         // filename is changed from undefined to a random value
                         // update uses $_POST for saving responses
                         $_POST[$value] = $_SESSION[$value];
    @@ -540,7 +540,7 @@
                             $_SESSION[$value]=$datetimeobj->convert("Y-m-d");
                             $_SESSION[$value]=$connect->BindDate($_SESSION[$value]);
                         }
    -                    $values[]=$connect->qstr($_SESSION[$value],get_magic_quotes_gpc());
    +                    $values[]=$connect->qstr($_SESSION[$value],ls_get_magic_quotes_gpc());
                     }
                 }
             }
    Index: common_functions.php
    ===================================================================
    --- common_functions.php	(revision 10605)
    +++ common_functions.php	(working copy)
    @@ -426,7 +426,7 @@
     // This functions escapes the string only inside
     {
         global $connect;
    -    if ($ispostvar) { return $connect->escape($str, get_magic_quotes_gpc());}
    +    if ($ispostvar) { return $connect->escape($str, ls_get_magic_quotes_gpc());}
         else {return $connect->escape($str);}
     }
     
    @@ -435,7 +435,7 @@
     // IF you are quoting a variable from a POST/GET then set $ispostvar to true so it doesnt get quoted twice.
     {
         global $connect;
    -    if ($ispostvar) { return $connect->qstr($str, get_magic_quotes_gpc());}
    +    if ($ispostvar) { return $connect->qstr($str, ls_get_magic_quotes_gpc());}
         else {return $connect->qstr($str);}
     
     }
    @@ -3945,11 +3945,27 @@
         return $result;
     }
     
    +/**
    + * Gets the current configuration setting of magic_quotes_gpc
    + * Compat variant accross PHP versions incl. PHP 6
    + * 
    + * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
    + * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
    + */
    +function ls_get_magic_quotes_gpc() {
    +    if (function_exists('get_magic_quotes_gpc')) {
    +        $magic_quotes_gpc = get_magic_quotes_gpc();
    +    }  else  {
    +        $magic_quotes_gpc = 0;
    +    }
    +    return $magic_quotes_gpc;
    +}
    +
     // make sure the given string (which comes from a POST or GET variable)
     // is safe to use in MySQL.  This does nothing if gpc_magic_quotes is on.
     function auto_escape($str) {
         global $connect;
    -    if (!get_magic_quotes_gpc()) {
    +    if (!ls_get_magic_quotes_gpc()) {
             return $connect->escape($str);
         }
         return $str;
    @@ -3960,8 +3976,9 @@
     // a SQL query.
     function auto_unescape($str) {
         if (!isset($str)) {return null;};
    -    if (!get_magic_quotes_gpc())
    -    return $str;
    +    if (!ls_get_magic_quotes_gpc()) {
    +        return $str;
    +    }
         return stripslashes($str);
     }
     // make a string safe to include in an HTML 'value' attribute.
    @@ -4300,7 +4317,7 @@
             }
         }
     	$mail->AddCustomHeader("X-Surveymailer: $sitename Emailer (LimeSurvey.sourceforge.net)");
    -	if (get_magic_quotes_gpc() != "0")	{$body = stripcslashes($body);}
    +	if (ls_get_magic_quotes_gpc() != "0")	{$body = stripcslashes($body);}
         if ($ishtml) {
             $mail->IsHTML(true);
         	$mail->Body = $body;
    @@ -7060,7 +7077,7 @@
         {
             return null;
         }
    -    $sanitized_token=$connect->qstr($token,get_magic_quotes_gpc());
    +    $sanitized_token=$connect->qstr($token,ls_get_magic_quotes_gpc());
         $surveyid=sanitize_int($surveyid);
     
         $query="SELECT $attrName FROM {$dbprefix}tokens_$surveyid WHERE token=$sanitized_token";
    
  • diff file icon 05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff (1,196 bytes) 2011-08-03 13:13 -
    ### Eclipse Workspace Patch 1.0
    #P Limesurvey 1.x trunk stable
    Index: common_functions.php
    ===================================================================
    --- common_functions.php	(revision 10605)
    +++ common_functions.php	(working copy)
    @@ -3945,6 +3945,19 @@
         return $result;
     }
     
    +if (!function_exists('get_magic_quotes_gpc')) {
    +    /**
    +     * Gets the current configuration setting of magic_quotes_gpc
    +     * NOTE: Compat variant for PHP 6+ versions
    +     * 
    +     * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
    +     * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
    +     */
    +    function get_magic_quotes_gpc() {
    +        return 0;
    +    }
    +}
    +
     // make sure the given string (which comes from a POST or GET variable)
     // is safe to use in MySQL.  This does nothing if gpc_magic_quotes is on.
     function auto_escape($str) {
    @@ -3960,8 +3973,9 @@
     // a SQL query.
     function auto_unescape($str) {
         if (!isset($str)) {return null;};
    -    if (!get_magic_quotes_gpc())
    -    return $str;
    +    if (!get_magic_quotes_gpc()) {
    +        return $str;
    +    }
         return stripslashes($str);
     }
     // make a string safe to include in an HTML 'value' attribute.
    

-Relationships
+Relationships

-Notes

~15956

DenisChenu (developer)

Forum post:
http://www.limesurvey.org/en/forum/installation-a-update-issues/64135-fatal-error

:)

~15957

mot (reporter)

I'm creating a patch right now.

~15958

mot (reporter)

Added a patch. It works by replacing get_magic_quotes_gpc() with ls_get_magic_quotes_gpc() (mind the ls_ in front). The patch does not reflect two external packages that still make use of it: kcfinder and adodb.

The alternative would be to create the function if it does not exist returning 0. I'll do a second patch right away.

~15959

mot (reporter)

Second patch attached, it's much less inversive and reflects external packages as well. It works by adding the function get_magic_quotes_gpc() if it does not exists and returning 0 because if the function does not exists, magic quotes are off (the feature is not available any longer).

~15967

c_schmitz (administrator)

mot, looks good, please commit.
Thank you.

~15977

mot (reporter)

Committed in 10640.
+Notes

-Issue History
Date Modified Username Field Change
2011-08-03 09:34 WAWANSUR New Issue
2011-08-03 09:50 DenisChenu Note Added: 15956
2011-08-03 12:54 mot Note Added: 15957
2011-08-03 13:03 mot File Added: 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff
2011-08-03 13:06 mot Note Added: 15958
2011-08-03 13:13 mot File Added: 05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff
2011-08-03 13:15 mot Note Added: 15959
2011-08-03 17:46 c_schmitz Note Added: 15967
2011-08-03 17:46 c_schmitz Assigned To => mot
2011-08-03 17:46 c_schmitz Status new => assigned
2011-08-04 12:29 mot Note Added: 15977
2011-08-04 12:29 mot Status assigned => closed
2011-08-04 12:29 mot Resolution open => fixed
2011-08-04 12:29 mot Fixed in Version => 1.91+
+Issue History