[stariocek]

I've found poor interest and tehnical dificulties when asking my hosting provider to disable Magic Quotes. There is a way with adding .php_ini to every subdirectory and then another solution if the 1st one is not working etc etc ... for Apache ... And I'm not sure about Nginx ...

Simple solution could be:
- to add pypass piece of kode to top level files of Admin Panel and Comments
- then add checkbox to Admin Panel, to switch that code On/Off
- and disable MagicQuotes bypass code by default.

Well, MagicQuotes are comming out of style, but hosting providers can hang on old PHP versions for years ...

lp, stariocek

--------------------------------------------------

I'm using this solution:

PHP Code:

<?php

if (get_magic_quotes_gpc()) {

    function stripslashes_deep($value) {

        if (is_array($value)) {

            $value = array_map('stripslashes_deep', $value);

        } else if (is_object($value)) {

            $vars = get_object_vars( $value );

            foreach ($vars as $key=>$data) {

                $value->{$key} = stripslashes_deep( $data );

            }

        } else {

            $value = stripslashes($value);

        }

        return $value;

    }



    $_POST = array_map('stripslashes_deep', $_POST);

    $_GET = array_map('stripslashes_deep', $_GET);

    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);

    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);

} 

?>

[Steven]

Hi,

I agree it looks like it will be a while before Magic Quotes is completely gone. Also, I agree it can be difficult in some cases to disable it using php.ini.

I actually experimented a few months ago with the same solution that you posted. And although it worked, I was hesitant to add it because of the following two reasons:

1. What happens if the solution is enabled but Magic Quotes is not enabled? This could happen if the user enables the solution now and then eventually in the future Magic Quotes is removed from PHP. Will the user know to disable the solution at the right time.

2. The solution (on the frontend) would affect the entire page, and not just Commentics. What if the user has another script on the page which relies on Magic Quotes being enabled? This could pose a security threat.

[stariocek]

TRUE - my idea was not good, can cause problems ...

lp, stariocek

[Steven]

I think it could still be added.

1. The solution could start with a check like this:

PHP Code:

<?php

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {

?>

[stariocek]

Yes. Disabled by default and with big red alert on admin pannel when false.

Or even mail to admin email address when false?

if (quotes_in_system == false) && (admin_quotes_filter == enabled)
{
small_mail_flood_to_admin ;
}
else
{

}