[Xerte-dev] Re: problem with trunk and added slashes?
Smith, John
J.J.Smith at gcu.ac.uk
Mon Aug 26 06:42:57 BST 2013
Thanks Ron,
That is a big help, at least now we know where to look... and I think I've found the problem...
Tom, I have found this function in \lib\typo3\class.t3lib_div.php in moodle code (note the comment about get_magic_quotes_gpc())
function GPvar($var,$strip=0) {
    if(empty($var)) return;
    $value = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
    if (isset($value) && is_string($value)) { $value = stripslashes($value); } // Originally check '&& get_magic_quotes_gpc() ' but the values of $_GET are always slashed regardless of get_magic_quotes_gpc() because HTTP_POST/GET_VARS are run through addSlashesOnArray in the very beginning of index_ts.php eg.
    if ($strip && isset($value) && is_array($value)) { t3lib_div::stripSlashesOnArray($value); }
    return $value;
}
So if Moodle ALWAYS adds slashes, is it a simple method of also checking whether moodle integration is set? But even if it is, unless it is set to the correct path, it will possibly have stripslashes used incorrectly. The recent change relies on the use of get_magic_quotes_gpc() as a condition to strip the slashes but Moodle ignores this very setting and adds them anyway.
My thoughts are, can we just move this code (and access to any other $_GET/$_POST data) to the VERY TOP of save.php, BEFORE the inclusion of config, so before Moodle has a chance to play with the data?
// Read the raw POST data before config (and any Moodle code) is included
$unescaped_data = $_POST['filedata'];
// function_exists() takes the function name as a string
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
    $unescaped_data = stripslashes($_POST['filedata']);
}
Can anyone give that a try with their test setups? I'm not set up to test just now and will be busy at least until the afternoon but can test then if no-one else can... Only possible issue I see is - if moodle adds them anyway and they are then also being added by the server could they be there twice in situations where get_magic_quotes_gpc() is on??
Regards,
John Smith | Learning Technologist
Room A251, Govan Mbeki Building | School of Health & Life Sciences | Glasgow Caledonian University
Cowcaddens Road | Glasgow | G4 0BA
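An added example (not part of the original message, and not Xerte or Moodle code) of the conditional unescape discussed above, with a well-formedness check that catches slash-escaped XML before it would be written to preview.xml or data.xml. The function names and the sample XML are constructed for illustration, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added illustration; not Xerte or Moodle code. Function names are hypothetical.

// Undo magic-quotes escaping only when PHP itself applied it.
function raw_request_value(array $source, $key)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = $source[$key];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// True when the string parses as XML; slash-escaped attributes do not parse.
function is_well_formed_xml($xml)
{
    if (!is_string($xml) || $xml === '') {
        return false;
    }
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Constructed sample: quoted attribute plus a LaTeX backslash inside CDATA.
$clean = '<learningObject name="Title"><text><![CDATA[$\frac{1}{2}$]]></text></learningObject>';
$once  = addslashes($clean); // slashes added once, e.g. by an included library
$twice = addslashes($once);  // slashes added by the server and again by a library

$cases = array(
    'clean input is well formed'             => is_well_formed_xml($clean),
    'slashed input is well formed'           => is_well_formed_xml($once),
    'one stripslashes undoes one layer'      => stripslashes($once) === $clean,
    'one stripslashes undoes two layers'     => stripslashes($twice) === $clean,
    'stripslashes leaves clean input intact' => stripslashes($clean) === $clean,
    'request helper returns clean input'     => raw_request_value(array('filedata' => $clean), 'filedata') === $clean,
);
foreach ($cases as $label => $result) {
    echo str_pad($label, 42), $result ? 'yes' : 'no', PHP_EOL;
}
```

Rejecting a save when `is_well_formed_xml()` fails keeps a corrupted learning object from overwriting a good one, whichever layer added the slashes.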
________________________________________
From: xerte-dev-bounces at lists.nottingham.ac.uk [xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell [ronm at mitchellmedia.co.uk]
Sent: 26 August 2013 00:29
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: problem with trunk and added slashes?
Hi John
shutting down now but quickly tested this and with integration path pointing to functions.php instead of a moodle file all is fine. It must be a conflict with Moodle code but it obviously wasn't a problem previously and on the server I'm testing with Moodle code hasn't changed only xot code.
Cheers
Ron
-----Original Message-----
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 25 August 2013 23:21
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: problem with trunk and added slashes?
Hi Ron
What would be interesting to know is whether setting a non-moodle integration path causes a problem or whether Moodle changes it...
Can you try setting the integration path to point to /functions.php
This is already included in config with a require once so should have absolutely no effect.
If all is well then the problem is in the moodle file and we need some way of mitigating the effects. If not then there must be some xerte code causing it.
Regards
John Smith
Learning Technologist
School of Health and Life Sciences
Sent from Samsung Galaxy SII
Ron Mitchell <ronm at mitchellmedia.co.uk> wrote:
Hi Tom
yes I thought the same - turning magic_quotes on isn't really the answer and for instance on the Techdis server magic_quotes has always been off and this hasn't been a problem until whatever the code change was when this started. I've actually been testing a bit after Gayan's recent message and with the latest unstable download from xerte.org.uk the following applies:
Same server, same code with guest auth enabled and crucially no moodle integration path set all is fine.
Same server, same code even with guest auth rather than moodle auth set the problem happens if a moodle integration path is set.
Could there be a duplicate function name or variable name causing this? Or is there a way of checking if an integration path is set and if so skipping the relevant code?
HTH
Ron
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Tom Reijnders
Sent: 25 August 2013 20:37
To: For Xerte technical developers
Subject: [Xerte-dev] Re: problem with trunk and added slashes?
Ron,
Gayan's problem is now solved, but not really the solution I wanted. magic_quotes is obsolete, so I want to find where the slashes came from in the first place.
Tom
On 22-8-2013 11:23, Ron Mitchell wrote:
Hi Tom
prompted by the latest message on the Xerte list from RGN Meegama (Gayan) attached I did a quick search for our previous discussion about strip slashes below. I haven't had time to investigate this but I wonder if the message from Gayan indicates why this hasn't been a problem for everyone e.g. only materialises when Moodle integration is used and even then perhaps only with a particular stripslashes setting? I've avoided upgrading any installations until I can find time to investigate and test this properly and I still don't have time to investigate now but I wonder if this helps to point you to the cause/solution? I know this is going to raise the old issue about compatibility with 3rd party applications but as I'm sure you also appreciate the fact remains in my experience next to ldap, Moodle is the next most popular solution for xot account management.
Cheers
Ron
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Tom Reijnders
Sent: 20 June 2013 23:04
To: For Xerte technical developers
Subject: [Xerte-dev] Re: problem with trunk and added slashes?
The fact that not all people have control over this was the reason for the fix. The old code called stripslashes regardless of the settings resulting in backslashes being removed from prior escapes and LaTeX expressions.
But given your settings, I don't understand where the slashes are coming from.
Tom
Ron Mitchell <ronm at mitchellmedia.co.uk> wrote:
Hi Tom
sorry for the delayed response been at an event all day and only just on the train home. Magic quotes settings are as follows:
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
But this has been the case previously too when this wasn't a problem. I have full control over this server which has 3 separate xot installations so I could change the magic quotes settings but lots of people obviously won't have control over that e.g. on shared hosting etc
HTH
Ron
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Tom Reijnders
Sent: 20 June 2013 07:52
To: For Xerte technical developers
Subject: [Xerte-dev] Re: problem with trunk and added slashes?
It was probably caused by r958 (2.0) and r956 (trunk). What are your magic_quote settings in php.ini?
Tom
On 19-6-2013 18:40, Ron Mitchell wrote:
Hi all
I just replied to a message from John where I've already mentioned this but thought I should start a new thread too as this may be unrelated to the main focus of that other thread…
I updated a test install with the latest code from trunk and notice that as soon as I edited and published an LO it was adding extra slashes and therefore breaking preview/play. Here's some sample xml showing the slashes that got added to both preview.xml and data.xml
<learningObject resume=\"true\" language=\"en-GB\" name=\"Learning Object Title\" navigation=\"Linear\" textSize=\"12\" displayMode=\"default\">
<title linkID=\"PG1371648227672\" name=\"Enter Page Title\" size=\"30\"><![CDATA[Enter title here]]></title>
<textGraphics hidePanel=\"true\" linkID=\"PG1361433467001\" name=\"Enter Page Title\" align=\"Left\" imagesize=\"full screen\" url=\"FileLocation + \'media/800_x_516.jpg\'\" tip=\"Enter a Tooltip\" transcriptbuttonlabel=\"Transcript\"><![CDATA[Enter text for the page here]]></textGraphics>
<textGraphics linkID=\"PG1359043029659\" name=\"Enter Page Title\" align=\"Left\" imagesize=\"full screen\" url=\"FileLocation + \'media/xpert_logo.gif\'\" tip=\"Enter a Tooltip\" transcriptbuttonlabel=\"Transcript\"><![CDATA[Enter text for the page here]]></textGraphics>
</learningObject>
I updated an install that was already version 2 but still quite a few revisions applied so not sure what revision is causing this but I reverted the code fixed the xml from my test project and all was fine. Re-applied the code and problem returned.
Any ideas?
HTH
Cheers
Ron
This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
This message has been checked for viruses but the contents of an attachment may still contain software viruses which could damage your computer system, you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation.
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
--
--
Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196
--
Sent from my Android phone with K-9 Mail.
Glasgow Caledonian University is a registered Scottish charity, number SC021474
Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html
Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html