Magic Quotes

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
I'm trying to make a pastebin, how do I disable magic quotes?

I'm obviously on x10hosting shared hosting, so I dont have php.ini access. php.net says theres some code that can be added to htaccess, but that just made a 500 error. I don't want to have to remove the magic quotes in my PHP script, thats not really very efficient.

What are my options?

~Callum
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
The topic has been covered many times before. The short version: you can't disable magic quotes on the free hosts (if that's where your site is), you can only undo them (which should have minimal impact on response times).

PHP:
<?php // normal_quotes.php. Include this once in any script that needs magic quotes undone
function stripslashes_nested(&$v) {
    if (is_array($v)) {
        return array_map('stripslashes_nested', $v);
    } else {
        return $v = stripslashes($v);
    }
}

if (get_magic_quotes_gpc()) {
    foreach (array('_GET', '_POST', '_COOKIE', '_REQUEST') as $k) {
        stripslashes_nested($GLOBALS[$k]);
    }
}
 
Last edited:

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
I'm on staffserv, but I still can't disable them XD

I worked out that after I had disabled them, WordPress was adding them instead. WordPress has a function built in to remove them:

Code:
$_POST = stripslashes_deep($_POST);

It's stupid enough that PHP does it, but even more stupid that WordPress does it, but I guess it's fixed now

~Callum
 

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
Thanks, that's just what I was looking for :D Do you know why wordpress adds the quotes? I dont want to end up breaking something by editing the core.

~Callum
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
That's what everyone wants to know, and there isn't an answer, as far as I can tell. Others have removed magic quotes with no ill effect, though it's possible that some plugins (or even the core) rely on magic quotes to sanitize data. Only a code audit could tell for certain. You could run an automated tool against your site to test for vulnerabilities, though this might cause an HRU suspension.
 
Last edited:

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
I'm on staff server, I don't think we have them HRU suspensions.

Thanks for your help, I'll experiment :)

~Callum
 
Top