Magic Quotes

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by callumacrae, Jan 2, 2011.

  1. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    I'm trying to make a pastebin, how do I disable magic quotes?

    I'm obviously on x10hosting shared hosting, so I dont have php.ini access. php.net says theres some code that can be added to htaccess, but that just made a 500 error. I don't want to have to remove the magic quotes in my PHP script, thats not really very efficient.

    What are my options?

    ~Callum
     
  2. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    The topic has been covered many times before. The short version: you can't disable magic quotes on the free hosts (if that's where your site is), you can only undo them (which should have minimal impact on response times).

    PHP:
    <?php // normal_quotes.php. Include this once in any script that needs magic quotes undone
    function stripslashes_nested(&$v) {
        if (
    is_array($v)) {
            return 
    array_map('stripslashes_nested'$v);
        } else {
            return 
    $v stripslashes($v);
        }
    }

    if (
    get_magic_quotes_gpc()) {
        foreach (array(
    '_GET''_POST''_COOKIE''_REQUEST') as $k) {
            
    stripslashes_nested($GLOBALS[$k]);
        }
    }
     
    Last edited: Jan 2, 2011
  3. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    I'm on staffserv, but I still can't disable them XD

    I worked out that after I had disabled them, WordPress was adding them instead. WordPress has a function built in to remove them:

    Code:
    $_POST = stripslashes_deep($_POST);
    It's stupid enough that PHP does it, but even more stupid that WordPress does it, but I guess it's fixed now

    ~Callum
     
  4. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
  5. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    Thanks, that's just what I was looking for :D Do you know why wordpress adds the quotes? I dont want to end up breaking something by editing the core.

    ~Callum
     
  6. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    That's what everyone wants to know, and there isn't an answer, as far as I can tell. Others have removed magic quotes with no ill effect, though it's possible that some plugins (or even the core) rely on magic quotes to sanitize data. Only a code audit could tell for certain. You could run an automated tool against your site to test for vulnerabilities, though this might cause an HRU suspension.
     
    Last edited: Jan 3, 2011
  7. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    I'm on staff server, I don't think we have them HRU suspensions.

    Thanks for your help, I'll experiment :)

    ~Callum
     

Share This Page