Opened 13 years ago
Closed 7 years ago
#19455 closed defect (bug) (wontfix)
The "magic_quotes_sybase" Problem
Reported by: | summerblue | Owned by: | johnbillion |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Bootstrap/Load | Keywords: | needs-patch needs-unit-tests |
Focuses: | Cc: |
Description (last modified by )
Post A Post, titled (in the double quote) : "Charlie's little cat"
It will become (in the double quote) : "Charlie''s little cat"
Notice that, single quote become double quotes!!
YES , My 'magic_quotes_gpc' and 'magic_quotes_sybase' are enabled!
Here is The PHP.NET links: http://php.net/manual/en/security.magicquotes.disabling.php
Attachments (5)
Change History (25)
#3
@
13 years ago
Here is the solution :
Remove the line below, it's in the "wp-settings.php" Line 33. It's in the wrong position!
@ini_set( 'magic_quotes_sybase', 0 );
And then, in the "wp-includes/load.php", in The function "wp_magic_quotes()" add the code below, immediately after "if ( get_magic_quotes_gpc() ) {}"
function wp_magic_quotes() { // If already slashed, strip. if ( get_magic_quotes_gpc() ) { $_GET = stripslashes_deep( $_GET ); $_POST = stripslashes_deep( $_POST ); $_COOKIE = stripslashes_deep( $_COOKIE ); } // Put it right here can solve the Problem. // Just Mack sure turn of action is Occur after the "stripslashes_deep" action has done. if(ini_get('magic_quotes_sybase') && function_exists('ini_set')) { ini_set( 'magic_quotes_sybase', 0 ); } // Escape with wpdb $_GET = add_magic_quotes( $_GET ); $_POST = add_magic_quotes( $_POST ); $_COOKIE = add_magic_quotes( $_COOKIE ); $_SERVER = add_magic_quotes( $_SERVER ); // Force REQUEST to be GET + POST $_REQUEST = array_merge( $_GET, $_POST ); } }
#5
@
13 years ago
- Cc kpayne@… added
I can reproduce this. Here's what's happening:
$_POST
comes in with sybase quotes (e.g.Charlie''s little cat
)- magic_quotes_sybase is disabled
- stripslashes() is run on
$_POST
which respects sybase quotes settings.- With sybase quotes disabled (current behavior), stripslashes is looking for
\'
instead of''
and this is not converted correctly. - With sybase quotes still enabled (@summerblue's solution), stripslashes is looking for
''
, and the input is converted properly (e.g.Charlie''s -> Charlie's
), then magic_quotes_sybase is disabled
- With sybase quotes disabled (current behavior), stripslashes is looking for
I tested this solution on all possible combinations of magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase with no problems.
#10
@
9 years ago
- Keywords needs-unit-tests added
- Owner pento deleted
I'm cool with committing this, if it has some unit tests.
#12
@
9 years ago
I've added a first unit tests draft for the patch and am open to suggestions about extension and modifications.
#13
@
9 years ago
- Keywords has-unit-tests added; needs-unit-tests close removed
Working on this at WordPress Contributor Day Milan. We've realised that this requires PHP < 5.4 and magic_quotes_sybase
to be enabled.
Using phpbrew we've reproduced the problem. @lucatume is working on updated tests.
#14
@
9 years ago
Here is the modified version of the tests that's taking care of setting the magic_quotes_sybase
to 1
before running the tests.
Contribution made during 11/7 Contributor Day in Milan, Italy.
#17
@
9 years ago
- Keywords needs-patch needs-unit-tests added; has-patch has-unit-tests removed
- Resolution fixed deleted
- Status changed from closed to reopened
- Version 3.2.1 deleted
Got some breakage on PHP 5.2. https://travis-ci.org/aaronjorbin/develop.wordpress/jobs/91287128
Related: r18549