PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




PostPosted: Mon Oct 15, 2007 2:35 am
Tranquility In Moderation

Joined: Sun Feb 06, 2005 8:18 pm
Posts: 5001
Location: Indiana
It's still necessary to make code portable and account for those setups which have magic quotes gpc enabled. I've been using this function for.. who knows how long. But perhaps it could be improved? I also offer it to share with other folks.

True definition of a snippet. =] I include it in a page that gets included on every page (like a db_connect.php or something). Probably should find a setup that allows for it to be in a permanent location.

if (get_magic_quotes_gpc())
{
    $gpc = array('_GET', '_POST', '_COOKIE');
   
    foreach ($gpc AS $sg)
    {
        if (!empty(${$sg}))
        {
            foreach (${$sg} AS $k => $v)
            {
                ${$sg}[$k] = stripslashes($v);
            }
        }
    }
}

_________________
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.


Last edited by Weirdan on Sat Apr 19, 2008 10:32 am, edited 1 time in total.
php tags


PostPosted: Mon Oct 15, 2007 4:52 am
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13396
Location: New York, NY, US
I think feyd posted a non-recursive array tree walker somewhere here that works for this.

_________________
(#10850)


PostPosted: Mon Oct 15, 2007 8:06 am
Forum Regular

Joined: Fri Apr 01, 2005 5:37 pm
Posts: 974
Location: Bay City, Michigan
I would rather just use a .htaccess file.

# Boolean directives are set with php_flag rather than php_value
php_flag register_globals off
php_flag magic_quotes_gpc off


Saves the overhead of trying to have php fix the problem during execution.


PostPosted: Mon Oct 15, 2007 8:26 am
DevNet Master

Joined: Sun Jan 21, 2007 12:06 am
Posts: 4135
Zoxive wrote:
I would rather just use a .htaccess file.

Saves the overhead of trying to have php fix the problem during execution.


It's hardly any overhead at all, and for applications that require the use of GPC data (such as frameworks and CMS apps), it's good to handle it within the application so that it can be used on any server (even non-Apache servers) without worry.


PostPosted: Mon Oct 15, 2007 10:36 am
Briney Mod

Joined: Mon Jan 19, 2004 7:11 pm
Posts: 6444
Location: 53.01N x 112.48W
You can optimize it a bit:

if (get_magic_quotes_gpc())
{
    foreach (array('_GET', '_POST', '_COOKIE') AS $sg)
    {
        // array_map() applies stripslashes to every top-level value in one call
        if (!empty(${$sg}))
            ${$sg} = array_map("stripslashes", ${$sg});
    }
}

_________________
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.


Last edited by Weirdan on Sat Apr 19, 2008 10:34 am, edited 1 time in total.
php tags


PostPosted: Tue Oct 16, 2007 2:55 am
Forum Regular

Joined: Tue Jul 05, 2005 3:54 am
Posts: 945
Location: Sofia, Bulgaria
And what if there is an array in this $_POST?

if (get_magic_quotes_gpc()) {
    $in = array(&$_GET, &$_POST, &$_COOKIE);
    while (list($k,$v) = each($in)) {
        foreach ($v as $key => $val) {
            if (!is_array($val)) {
                $in[$k][$key] = stripslashes($val);
                continue;
            }
            $in[] =& $in[$k][$key];
        }
    }
    unset($in);
}
 


Last edited by Weirdan on Sat Apr 19, 2008 10:35 am, edited 1 time in total.
php tags


PostPosted: Tue Oct 16, 2007 9:51 am
Briney Mod

Joined: Mon Jan 19, 2004 7:11 pm
Posts: 6444
Location: 53.01N x 112.48W
& what if there is a 2-d array? Good point though - I'm sure the solution will involve either recursion or passing-by-reference somehow - but it's too early in the morning for me to think it through :roll: :wink:

_________________
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.


PostPosted: Tue Oct 16, 2007 12:16 pm
DevNet Master

Joined: Mon Sep 19, 2005 6:24 am
Posts: 3587
Location: London
This is why feyd posted the non-recursive array walker for this.


PostPosted: Tue Oct 16, 2007 12:33 pm
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13396
Location: New York, NY, US
A little early for me to do a mental diff. What is the difference between jmut's and feyd's? Can we decide on a definitive solution?

_________________
(#10850)


PostPosted: Sat Oct 27, 2007 11:17 pm
Forum Commoner

Joined: Wed Oct 24, 2007 4:13 pm
Posts: 47
Location: Buenos Aires, Argentina
One other thing to keep in mind is that if we have a multilevel array, the keys are also escaped. For example,

URL: test.php?a'b[c'd][e'f]=1'2
With magic quotes
 
array(1) {
  ["a\'b"]=>
  array(1) {
    ["c\'d"]=>
    array(1) {
      ["e\'f"]=>
      string(4) "1\'2"
    }
  }
}
 


Without magic quotes
 
array(1) {
  ["a'b"]=>
  array(1) {
    ["c'd"]=>
    array(1) {
      ["e'f"]=>
      string(3) "1'2"
    }
  }
}
 


I propose as a solution

function stripslashes_deep($array) {
    if (!is_array($array)) {
        return stripslashes($array);
    }
    // Unescape keys as well as values; array_combine() fails on empty arrays before PHP 5.4.
    return count($array) > 0
        ? array_combine(array_map('stripslashes_deep', array_keys($array)), array_map('stripslashes_deep', array_values($array)))
        : array();
}

// Only undo the escaping when magic quotes actually applied it.
if (get_magic_quotes_gpc()) {
    $_GET = stripslashes_deep($_GET);
    $_POST = stripslashes_deep($_POST);
    $_COOKIE = stripslashes_deep($_COOKIE);
}
 


Last edited by Weirdan on Sat Apr 19, 2008 10:37 am, edited 1 time in total.
php tags
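
The key and value escaping shown in the dumps above, as an added example that is not part of the original posts: a work-list walker (no recursion) that unescapes string keys as well as values and leaves the original array untouched. The names unquote_gpc() and magic_quotes_active() are hypothetical, the sample array is constructed to match the URL in the post, and the function_exists() guard is there because get_magic_quotes_gpc() was removed in PHP 8.0.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// True only where magic_quotes_gpc exists and is on.
// get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Rebuild a nested input array with backslash escaping removed from
// string keys and from values, using a work list instead of recursion.
function unquote_gpc(array $input)
{
    $clean = array();
    // Each entry pairs a source array with a reference to its rebuilt copy.
    $work = array(array($input, &$clean));
    for ($i = 0; $i < count($work); $i++) {
        $src = $work[$i][0];
        $dst = &$work[$i][1];
        foreach ($src as $key => $value) {
            // Integer keys carry no escaping; leave them as they are.
            $key = is_string($key) ? stripslashes($key) : $key;
            if (is_array($value)) {
                $dst[$key] = array();
                $work[] = array($value, &$dst[$key]); // visit the child later
            } else {
                $dst[$key] = stripslashes($value);
            }
        }
        unset($dst); // drop the reference before rebinding it
    }
    return $clean;
}

// Constructed sample: the array seppo0010's URL produces with magic quotes on.
$quoted = array("a\\'b" => array("c\\'d" => array("e\\'f" => "1\\'2")));
$plain  = unquote_gpc($quoted);

var_dump(isset($quoted["a'b"])); // lookup by the key the client actually sent
var_dump($plain);

if (magic_quotes_active()) {
    $_GET    = unquote_gpc($_GET);
    $_POST   = unquote_gpc($_POST);
    $_COOKIE = unquote_gpc($_COOKIE);
}
```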


PostPosted: Sun Oct 28, 2007 9:22 pm
Forum Contributor

Joined: Wed Aug 09, 2006 4:21 pm
Posts: 166
Location: London, UK
Jenk wrote:
This is why feyd posted the non-recursive array walker for this.


Could you remind me where that is please? I've been looking for it for a while!


PostPosted: Sun Oct 28, 2007 9:34 pm
Neighborhood Spidermoddy

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA
georgeoc wrote:
Could you remind me where that is please? I've been looking for it for a while!
I believe Jenk was referring to my replies in ~scottayy's directory tree thread found in Snippets or Critique.


PostPosted: Mon Oct 29, 2007 1:55 pm
Forum Contributor

Joined: Wed Aug 09, 2006 4:21 pm
Posts: 166
Location: London, UK
Thanks feyd - that's the one.


PostPosted: Mon Oct 29, 2007 3:08 pm
Forum Regular

Joined: Tue Jul 05, 2005 3:54 am
Posts: 945
Location: Sofia, Bulgaria
seppo0010:
While I agree keys are good to be escaped... in my opinion it is totally up to the dev for this to cause a problem... meaning who will ever want to use such weird keys... and if passed with a form spoof... they are just not used anyway...
That's why I think this is not necessary... but I could be missing a good reason to escape keys too.


PostPosted: Fri Apr 18, 2008 3:00 pm
Forum Commoner

Joined: Wed Mar 26, 2008 9:51 am
Posts: 27
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


Recursive function
if (version_compare(phpversion(), 6) === -1) {
    if (get_magic_quotes_gpc()) {
        function stripinputslashes(&$input) {
            if (is_array($input)) {
                // Only reached when called directly: array_walk_recursive()
                // passes leaf values, never arrays, to its callback.
                foreach ($input as $key => $value) {
                    stripinputslashes($input[$key]);
                }
            }
            else {
                $input = stripslashes($input);
            }
            return true;
        }
        array_walk_recursive($_GET, 'stripinputslashes');
        array_walk_recursive($_POST, 'stripinputslashes');
        array_walk_recursive($_REQUEST, 'stripinputslashes');
    }
}


