[Xerte] Re: latex/stripslashes/magic quotes etc

Ron Mitchell ronm at mitchellmedia.co.uk
Tue Jan 22 09:53:07 GMT 2013 

Hi Pat/David

thanks for your responses.

 

Pat - I don't really see why it's relevant to use the console to track tex
requests? The problem is very clear: save.php is stripping the slashes until
there are none left. What's not clear is why it's doing this on some
installations but not on others especially as it doesn't seem to be clearly
due to whether magic_quotes_gpc is on or not. 

 

Also even if the difference was clearly down to magic_quotes_gpc on or off
there's possibly going to be an issue for everyone given the deprecation
etc?

 

David/Pat - given the purpose and function of save.php (e.g. writing the
xml) would it be safe and a universal solution to do the following:

 

if(get_magic_quotes_gpc()) {

if(fwrite($file_handle, stripslashes($_POST['filedata']))!=false){

} else{

if(fwrite($file_handle, $_POST['filedata'])!=false){

}

 

Cheers

Ron

 

 

 

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of David Goodwin
Sent: 22 January 2013 09:37
To: Xerte discussion list
Subject: [Xerte] Re: latex/stripslashes/magic quotes etc

 

If magic quotes are enabled, then PHP will call addslashes on all user
supplied input (e.g. $_POST['filedata']);

 

If magic quotes are turned off, the stripslashes will presumably break
things.

 

Having stripslashes there is going to cause issues - as some sites/servers
will have magic quotes turned on, others will have it turned off.

 

The code should do something like :

 

if(get_magic_quotes_gpc()) {

            $_POST['filedata'] = stripslashes($_POST['filedata']);

}

 

 

See : http://uk1.php.net/get_magic_quotes_gpc

 

 

David.

 

 

On 22 Jan 2013, at 01:30, "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:





The reason the stripslashes is in there is because without that the file
used to break and every speech mark was prefixed with a slash

 

I don't know if anything has changed with this in php, but I'd be surprised.

 

I would track the tex requests in console to see what is being sent

Pgogy Webstuff - http://www.pgogywebstuff.com
<http://www.pgogywebstuff.com/> 

Makers of web things of a fair to middling quality


On 21 Jan 2013, at 22:02, Paul Swanson <Paul.Swanson at harlandfs.com> wrote:

I think you might be safe, but Pat may be the only one who could really
answer that. 

 

 

Pale Purple Ltd.  (Company No: 5580814)

'Web and Mobile Application Development for Business'

 

http://www.palepurple.co.uk   

Office: 0845 0046746     Mobile: 07792380669 

 

Follow us on Twitter: @PalePurpleLtd

 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20130122/40188cb2/attachment.html>

More information about the Xerte mailing list