View Issue Details

IDProjectCategoryView StatusLast Update
05377Bug reports[All Projects] Installationpublic2011-08-04 12:29
ReporterWAWANSURAssigned Tomot 
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version1.91+ 
Target VersionFixed in Version1.91+ 
Summary05377: magic quotes
DescriptionThe function get_magic_quotes_gpc() is not supported by PHP6.
This function is called in common_functions.php, line 3952.
TagsNo tags attached.
Complete LimeSurvey version number (& build)1.91
I will donate to the project if issue is resolvedNo
BrowserMozilla
Database & DB-VersionMy SQL 5.5.8
Operating System (Server)Windows XP
Webserver software & versionApache 2.217
PHP VersionPHP6

Activities

DenisChenu

2011-08-03 09:50

developer   ~15956

Forum post:
http://www.limesurvey.org/en/forum/installation-a-update-issues/64135-fatal-error

:)
mot

2011-08-03 12:54

reporter   ~15957

I'm creating a patch right now.
mot

2011-08-03 13:03

reporter  

05377-00-get_magic_quotes_gpc-php-6-no-externals.diff (9,513 bytes)
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: admin/tokens.php
===================================================================
--- admin/tokens.php	(revision 10605)
+++ admin/tokens.php	(working copy)
@@ -787,7 +787,7 @@
                             $fieldvalue['bounceaccounthost']=$_POST['bounceaccounthost'];
                         }
 
-    $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",get_magic_quotes_gpc());
+    $connect->AutoExecute("{$dbprefix}surveys", $fieldvalue, 2,"sid=$surveyid",ls_get_magic_quotes_gpc());
     $tokenoutput .= "<div class='header ui-widget-header'>".$clang->gT("Bounce settings")."</div>\n"
     ."<div class='messagebox ui-corner-all'>"
     ."\t<div class='successheader'>".$clang->gT("Bounce settings have been saved.")."</div>\n"
Index: admin/browse.php
===================================================================
--- admin/browse.php	(revision 10605)
+++ admin/browse.php	(working copy)
@@ -200,7 +200,7 @@
     if ($id < 1) { $id = 1; }
     if (isset($_POST['sql']) && $_POST['sql'])
     {
-        if (get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
+        if (ls_get_magic_quotes_gpc()) {$idquery .= stripslashes($_POST['sql']);}
         else {$idquery .= "{$_POST['sql']}";}
     }
     else {$idquery .= "$surveytable.id = $id";}
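Review bot: The request parameter `$_POST['sql']` is still appended to `$idquery` verbatim in both branches of the changed `if`, so the renamed magic-quotes check only decides whether slashes are removed, not whether the text is safe to run. If this parameter is meant to carry a WHERE fragment, the feature should be limited to users who are already allowed to run arbitrary SQL, or the condition should be rebuilt from validated column/operator/value parts with each value passed through `$connect->qstr()`. The hunk does not show how `$idquery` is executed or which permission check precedes it, so that has to be confirmed in the enclosing block. At minimum I would add a comment on the changed line: `// $_POST['sql'] is raw SQL supplied by the client; the permission check above is the only protection`.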
Index: admin/assessments.php
===================================================================
--- admin/assessments.php	(revision 10605)
+++ admin/assessments.php	(working copy)
@@ -60,7 +60,7 @@
             $datarray['id']=$aid;
         }
 
-        $query = $connect->GetInsertSQL($inserttable, $datarray, get_magic_quotes_gpc());
+        $query = $connect->GetInsertSQL($inserttable, $datarray, ls_get_magic_quotes_gpc());
         $result=$connect->Execute($query) or safe_die("Error inserting<br />$query<br />".$connect->ErrorMsg());
         if ($first==true)
         {
Index: admin/templates.php
===================================================================
--- admin/templates.php	(revision 10605)
+++ admin/templates.php	(working copy)
@@ -164,7 +164,7 @@
 if (isset ($_POST['changes'])) {
    $changedtext=$_POST['changes'];
    $changedtext=str_replace ('<?','',$changedtext);
-   if(get_magic_quotes_gpc())
+   if(ls_get_magic_quotes_gpc())
    {
        $changedtext = stripslashes($changedtext);
    }
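Review bot: The `<?` filter on `$changedtext` is a single `str_replace` pass that runs before `stripslashes()`, both here and in the `changes_cp` hunk that follows, so it is applied to the still-slashed text and its own output is never re-checked. A one-pass removal can leave the removed sequence re-formed in its result, and rewriting input silently hides the attempt from the administrator and from the logs. I would unslash first and then refuse to save rather than rewrite, e.g. `if (strpos($changedtext, '<?') !== false) { /* reject and report */ }`, and make sure template files are stored where the web server never hands them to the PHP interpreter. Where `$changedtext` is written is outside these hunks, so the storage side needs checking separately.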
@@ -173,7 +173,7 @@
 if (isset ($_POST['changes_cp'])) {
    $changedtext=$_POST['changes_cp'];
    $changedtext=str_replace ('<?','',$changedtext);
-   if(get_magic_quotes_gpc())
+   if(ls_get_magic_quotes_gpc())
    {
        $changedtext = stripslashes($changedtext);
    }
Index: admin/userrighthandling.php
===================================================================
--- admin/userrighthandling.php	(revision 10605)
+++ admin/userrighthandling.php	(working copy)
@@ -18,7 +18,7 @@
 if (isset($_POST['uid'])) {$postuserid=sanitize_int($_POST['uid']);}
 if (isset($_POST['ugid'])) {$postusergroupid=sanitize_int($_POST['ugid']);}
 
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
 {$_POST  = array_map('recursive_stripslashes', $_POST);}
 
 $js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
Index: admin/labels.php
===================================================================
--- admin/labels.php	(revision 10605)
+++ admin/labels.php	(working copy)
@@ -22,7 +22,7 @@
 // unescaped strings in switch case
 //if (get_magic_quotes_gpc())
 //$_POST  = array_map('stripslashes', $_POST);
-if (isset($_POST['method']) && get_magic_quotes_gpc())
+if (isset($_POST['method']) && ls_get_magic_quotes_gpc())
 {
     $_POST['method']  = stripslashes($_POST['method']);
 }
Index: admin/database.php
===================================================================
--- admin/database.php	(revision 10605)
+++ admin/database.php	(working copy)
@@ -23,7 +23,7 @@
 $postqid=returnglobal('qid');
 $postqaid=returnglobal('qaid');
 
-if (get_magic_quotes_gpc())
+if (ls_get_magic_quotes_gpc())
 {$_POST  = array_map('recursive_stripslashes', $_POST);}
 
 
@@ -1119,7 +1119,7 @@
                             'tokenlength'=>$_POST['tokenlength']
         );
 
-        $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, get_magic_quotes_gpc());
+        $usquery=$connect->GetUpdateSQL($rs, $updatearray, false, ls_get_magic_quotes_gpc());
         if ($usquery) {
             $usresult = $connect->Execute($usquery) or safe_die("Error updating<br />".$usquery."<br /><br /><strong>".$connect->ErrorMsg());  // Checked
         }
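Review bot: `GetUpdateSQL()` is told through `ls_get_magic_quotes_gpc()` that `$updatearray` is magic-quoted, but the first hunk of this file already runs `recursive_stripslashes` over the whole of `$_POST` whenever that same function returns true. As far as I know ADOdb treats a true magic-quotes argument as "the data is already slashed" and adjusts its quoting accordingly, so on a magic-quotes host values such as `$_POST['tokenlength']` would arrive unslashed yet be handled as slashed. Since `$_POST` is normalised at the top of the file, the flag should simply be false here: `$usquery=$connect->GetUpdateSQL($rs, $updatearray, false, false);`. The enclosing block starts outside the hunk, so please confirm that nothing re-slashes `$_POST` between the two places.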
Index: admin/http_importsurvey.php
===================================================================
--- admin/http_importsurvey.php	(revision 10605)
+++ admin/http_importsurvey.php	(working copy)
@@ -76,7 +76,7 @@
 {
     $surveyid = sanitize_int($_POST['copysurveylist']);
     $exclude = array();
-    if (get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
+    if (ls_get_magic_quotes_gpc()) {$sNewSurveyName = stripslashes($_POST['copysurveyname']);}
     else{
         $sNewSurveyName=$_POST['copysurveyname'];
     }
Index: admin/htmleditor-popup.php
===================================================================
--- admin/htmleditor-popup.php	(revision 10605)
+++ admin/htmleditor-popup.php	(working copy)
@@ -59,7 +59,7 @@
 else {
     $fieldname=$_GET['fieldname'];
     $fieldtext=$_GET['fieldtext'];
-    if (get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
+    if (ls_get_magic_quotes_gpc()) $fieldtext = stripslashes($fieldtext);
     $controlidena=$_GET['fieldname'].'_popupctrlena';
     $controliddis=$_GET['fieldname'].'_popupctrldis';
 
Index: save.php
===================================================================
--- save.php	(revision 10605)
+++ save.php	(working copy)
@@ -513,7 +513,7 @@
                             $_SESSION[$value] = json_encode($phparray);
                         }
                     }
-                    $values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
+                    $values[] = $connect->qstr($_SESSION[$value], ls_get_magic_quotes_gpc());
                     // filename is changed from undefined to a random value
                     // update uses $_POST for saving responses
                     $_POST[$value] = $_SESSION[$value];
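Review bot: The second argument to `qstr()` describes request (GPC) input, but the value quoted on the changed line is `$_SESSION[$value]`, which is assigned from `json_encode($phparray)` a few lines earlier and, in the next hunk of this file, from `$connect->BindDate()`; neither value has passed through magic quotes. If ADOdb treats a true flag as "already escaped" (my reading of its `qstr()`, to be confirmed against the bundled version), these server-built strings would be quoted with weaker escaping on hosts where magic quotes is on. For values built on the server the flag should be dropped: `$values[] = $connect->qstr($_SESSION[$value]);`. The surrounding loop lies outside both hunks, so any other path that fills `$_SESSION[$value]` directly from request data should be unslashed at the point of assignment instead.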
@@ -540,7 +540,7 @@
                         $_SESSION[$value]=$datetimeobj->convert("Y-m-d");
                         $_SESSION[$value]=$connect->BindDate($_SESSION[$value]);
                     }
-                    $values[]=$connect->qstr($_SESSION[$value],get_magic_quotes_gpc());
+                    $values[]=$connect->qstr($_SESSION[$value],ls_get_magic_quotes_gpc());
                 }
             }
         }
Index: common_functions.php
===================================================================
--- common_functions.php	(revision 10605)
+++ common_functions.php	(working copy)
@@ -426,7 +426,7 @@
 // This functions escapes the string only inside
 {
     global $connect;
-    if ($ispostvar) { return $connect->escape($str, get_magic_quotes_gpc());}
+    if ($ispostvar) { return $connect->escape($str, ls_get_magic_quotes_gpc());}
     else {return $connect->escape($str);}
 }
 
@@ -435,7 +435,7 @@
 // IF you are quoting a variable from a POST/GET then set $ispostvar to true so it doesnt get quoted twice.
 {
     global $connect;
-    if ($ispostvar) { return $connect->qstr($str, get_magic_quotes_gpc());}
+    if ($ispostvar) { return $connect->qstr($str, ls_get_magic_quotes_gpc());}
     else {return $connect->qstr($str);}
 
 }
@@ -3945,11 +3945,27 @@
     return $result;
 }
 
+/**
+ * Gets the current configuration setting of magic_quotes_gpc
+ * Compat variant accross PHP versions incl. PHP 6
+ * 
+ * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+ * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+ */
+function ls_get_magic_quotes_gpc() {
+    if (function_exists('get_magic_quotes_gpc')) {
+        $magic_quotes_gpc = get_magic_quotes_gpc();
+    }  else  {
+        $magic_quotes_gpc = 0;
+    }
+    return $magic_quotes_gpc;
+}
+
 // make sure the given string (which comes from a POST or GET variable)
 // is safe to use in MySQL.  This does nothing if gpc_magic_quotes is on.
 function auto_escape($str) {
     global $connect;
-    if (!get_magic_quotes_gpc()) {
+    if (!ls_get_magic_quotes_gpc()) {
         return $connect->escape($str);
     }
     return $str;
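Review bot: `auto_escape()` returns `$str` untouched when `ls_get_magic_quotes_gpc()` is true, which treats PHP's magic quotes as if they were database escaping. Magic quotes add slashes without knowing the connection's character set or the driver's quoting rules, so they are not equivalent to `$connect->escape()`. A safer body is `return $connect->escape(ls_get_magic_quotes_gpc() ? stripslashes($str) : $str);`, which gives every caller driver-level escaping regardless of the ini setting. The closing brace of the function lies outside the hunk. Separately, the new docblock of `ls_get_magic_quotes_gpc()` could state that a missing `get_magic_quotes_gpc()` is reported as 0.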
@@ -3960,8 +3976,9 @@
 // a SQL query.
 function auto_unescape($str) {
     if (!isset($str)) {return null;};
-    if (!get_magic_quotes_gpc())
-    return $str;
+    if (!ls_get_magic_quotes_gpc()) {
+        return $str;
+    }
     return stripslashes($str);
 }
 // make a string safe to include in an HTML 'value' attribute.
@@ -4300,7 +4317,7 @@
         }
     }
 	$mail->AddCustomHeader("X-Surveymailer: $sitename Emailer (LimeSurvey.sourceforge.net)");
-	if (get_magic_quotes_gpc() != "0")	{$body = stripcslashes($body);}
+	if (ls_get_magic_quotes_gpc() != "0")	{$body = stripcslashes($body);}
     if ($ishtml) {
         $mail->IsHTML(true);
     	$mail->Body = $body;
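Review bot: The changed line undoes magic quotes with `stripcslashes()`, which also expands C-style escapes such as `\n` and `\x41`, so a mail body that legitimately contains a backslash sequence is altered rather than merely unslashed. The comparison `!= "0"` is also a loose string comparison against an integer return value. I would write `if (ls_get_magic_quotes_gpc()) {$body = stripslashes($body);}`, and only if `$body` really originates from request data at this point. The hunk does not show where `$body` comes from, and the function starts and ends outside it.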
@@ -7060,7 +7077,7 @@
     {
         return null;
     }
-    $sanitized_token=$connect->qstr($token,get_magic_quotes_gpc());
+    $sanitized_token=$connect->qstr($token,ls_get_magic_quotes_gpc());
     $surveyid=sanitize_int($surveyid);
 
     $query="SELECT $attrName FROM {$dbprefix}tokens_$surveyid WHERE token=$sanitized_token";
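Review bot: `$attrName` is interpolated into the SELECT as a column name with no quoting or allow-list visible in this hunk, while only `$token` and `$surveyid` are sanitised. An identifier cannot be protected by `qstr()`, so it should be checked against the known token attribute column names before `$query` is built, for example `if (!in_array($attrName, $allowedAttributes, true)) { return null; }`, where `$allowedAttributes` stands for whatever list the project keeps. The function begins outside the hunk, so such a check may already exist above; if it does, a one-line comment next to `$query` saying so would help the next reader. The magic-quotes flag passed to `qstr()` is also only correct if `$token` always comes straight from the request.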
mot

2011-08-03 13:06

reporter   ~15958

Added a patch. It works by replacing get_magic_quotes_gpc() with ls_get_magic_quotes_gpc() (mind the ls_ in front). The patch does not reflect two external packages that still make use of it: kcfinder and adodb.

The alternative would be to create the function if it does not exist returning 0. I'll do a second patch right away.
mot

2011-08-03 13:13

reporter  

05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff (1,196 bytes)
### Eclipse Workspace Patch 1.0
#P Limesurvey 1.x trunk stable
Index: common_functions.php
===================================================================
--- common_functions.php	(revision 10605)
+++ common_functions.php	(working copy)
@@ -3945,6 +3945,19 @@
     return $result;
 }
 
+if (!function_exists('get_magic_quotes_gpc')) {
+    /**
+     * Gets the current configuration setting of magic_quotes_gpc
+     * NOTE: Compat variant for PHP 6+ versions
+     * 
+     * @link http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
+     * @return int 0 if magic_quotes_gpc is off, 1 otherwise.
+     */
+    function get_magic_quotes_gpc() {
+        return 0;
+    }
+}
+
 // make sure the given string (which comes from a POST or GET variable)
 // is safe to use in MySQL.  This does nothing if gpc_magic_quotes is on.
 function auto_escape($str) {
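Review bot: The fallback `get_magic_quotes_gpc()` only exists once common_functions.php has been loaded, so it covers the bundled packages named in the discussion (kcfinder, adodb) only on requests that include this file before their first call. Entry points of those packages that run on their own would still reach the undefined function; that is worth checking, or the definition could move to a bootstrap file that every entry point includes. The copied docblock also says `@return int 0 if magic_quotes_gpc is off, 1 otherwise`, whereas this variant can only return 0; `@return int Always 0, magic quotes do not exist when this fallback is in use` would be accurate. `auto_escape()` begins on the last line of the hunk and continues outside it.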
@@ -3960,8 +3973,9 @@
 // a SQL query.
 function auto_unescape($str) {
     if (!isset($str)) {return null;};
-    if (!get_magic_quotes_gpc())
-    return $str;
+    if (!get_magic_quotes_gpc()) {
+        return $str;
+    }
     return stripslashes($str);
 }
 // make a string safe to include in an HTML 'value' attribute.
mot

2011-08-03 13:15

reporter   ~15959

Second patch attached; it is much less invasive and covers the external packages as well. It works by adding the function get_magic_quotes_gpc() if it does not exist and returning 0, because if the function does not exist, magic quotes are off (the feature is no longer available).
c_schmitz

2011-08-03 17:46

administrator   ~15967

mot, looks good, please commit.
Thank you.
mot

2011-08-04 12:29

reporter   ~15977

Committed in 10640.

Issue History

Date Modified Username Field Change
2011-08-03 09:34 WAWANSUR New Issue
2011-08-03 09:50 DenisChenu Note Added: 15956
2011-08-03 12:54 mot Note Added: 15957
2011-08-03 13:03 mot File Added: 05377-00-get_magic_quotes_gpc-php-6-no-externals.diff
2011-08-03 13:06 mot Note Added: 15958
2011-08-03 13:13 mot File Added: 05377-00-get_magic_quotes_gpc-php-6-forward-compat.diff
2011-08-03 13:15 mot Note Added: 15959
2011-08-03 17:46 c_schmitz Note Added: 15967
2011-08-03 17:46 c_schmitz Assigned To => mot
2011-08-03 17:46 c_schmitz Status new => assigned
2011-08-04 12:29 mot Note Added: 15977
2011-08-04 12:29 mot Status assigned => closed
2011-08-04 12:29 mot Resolution open => fixed
2011-08-04 12:29 mot Fixed in Version => 1.91+