Remove SystemTextEncoding::magicDequote,

magic_quotes are deprecated in php 5.3 and removed in 5.4 Signed-off-by: Etienne CHAMPETIER <etienne.champetier@fiducial.net>
pydio · Nov 6, 2013 · ac413ed · cdujeu · Jan 31, 2014 · echampet
1 parent 5656dff
commit ac413ed
Show file tree

Hide file tree

Showing 8 changed files with 59 additions and 31 deletions.
diff --git a/core/src/core/classes/class.AJXP_Utils.php b/core/src/core/classes/class.AJXP_Utils.php
@@ -182,15 +182,15 @@ public static function sanitize($s, $level = AJXP_SANITIZE_HTML, $expand = 'scri
     }
 
     /**
-     * Perform standard urldecode, sanitization, securepath and magicDequote
+     * Perform standard urldecode, sanitization and securepath
      * @static
      * @param $data
      * @param int $sanitizeLevel
      * @return string
      */
     public static function decodeSecureMagic($data, $sanitizeLevel = AJXP_SANITIZE_HTML)
     {
-        return SystemTextEncoding::fromUTF8(AJXP_Utils::sanitize(AJXP_Utils::securePath(SystemTextEncoding::magicDequote($data)), $sanitizeLevel));
+        return SystemTextEncoding::fromUTF8(AJXP_Utils::sanitize(AJXP_Utils::securePath($data), $sanitizeLevel));
     }
     /**
      * Try to load the tmp dir from the CoreConf AJXP_TMP_DIR, or the constant AJXP_TMP_DIR,
@@ -1463,7 +1463,6 @@ public static function parseStandardFormParameters(&$repDef, &$options, $userId
         $replicationGroups = array();
         $switchesGroups = array();
         foreach ($repDef as $key => $value) {
-            $value = SystemTextEncoding::magicDequote($value);
             if( ( ( !empty($prefix) &&  strpos($key, $prefix)!== false && strpos($key, $prefix)==0 ) || empty($prefix) )
                 && strpos($key, "ajxptype") === false
                 && strpos($key, "_original_binary") === false

diff --git a/core/src/core/classes/class.SystemTextEncoding.php b/core/src/core/classes/class.SystemTextEncoding.php
@@ -106,28 +106,16 @@ public static function fromUTF8($filesystemElement, $test = false)
     }
 
     /**
-     * This function is used when the server's PHP configuration is using magic quote
-     * @param string $text
-     * @return string
-     */
-    public static function magicDequote($text)
-    {
-        // If the PHP server enables magic quotes, remove them
-        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
-            return stripslashes($text);
-        return $text;
-    }
-
-    /**
-     * Successive call of magicDequote and fromUTF8
+     * call fromUTF8
      * @static
      * @param string $filesystemElement
      * @return string
      */
-    public static function fromPostedFileName($filesystemElement)
+    public static function fromPostedFileName(&$filesystemElement)
     {
-        return SystemTextEncoding::fromUTF8(SystemTextEncoding::magicDequote($filesystemElement));
+        return SystemTextEncoding::fromUTF8($filesystemElement);
     }
+
     /**
      * Transform a string from current charset to utf8
      * @static

diff --git a/core/src/core/tests/test.PHP_magic_quotes.php b/core/src/core/tests/test.PHP_magic_quotes.php
@@ -0,0 +1,42 @@
+<?php
+/*
+ * Copyright 2007-2013 Charles du Jeu - Abstrium SAS <team (at) pyd.io>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+defined('AJXP_EXEC') or die( 'Access not allowed');
+require_once('../classes/class.AbstractTest.php');
+
+/**
+ * Check whether mcrypt is enabled
+ * @package Pydio
+ * @subpackage Tests
+ */
+class PHP_magic_quotes extends AbstractTest
+{
+    public function PHP_magic_quotes() { parent::AbstractTest("Magic quotes disabled", "Magic quotes need to be disabled, only relevent for php 5.3"); }
+    public function doTest()
+    {
+        $this->failedLevel = "error";
+        if (get_magic_quotes_gpc()) {
+            $this->testedParams["Magic quotes disabled"] = "No";
+            return FALSE;
+        }
+        $this->testedParams["Magic quotes disabled"] = "Yes";
+        return TRUE;
+    }
+};
diff --git a/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php b/core/src/plugins/access.ajxp_conf/class.ajxp_confAccessDriver.php
@@ -450,7 +450,7 @@ public function switchAction($action, $httpVars, $fileVars)
                     $gName = AJXP_Utils::sanitize(AJXP_Utils::decodeSecureMagic(basename($httpVars["group_path"])), AJXP_SANITIZE_ALPHANUM);
                 } else {
                     $basePath = substr($httpVars["dir"], strlen("/data/users"));
-                    $gName    = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["group_name"]), AJXP_SANITIZE_ALPHANUM);
+                    $gName    = AJXP_Utils::sanitize($httpVars["group_name"], AJXP_SANITIZE_ALPHANUM);
                 }
                 $gLabel   = AJXP_Utils::decodeSecureMagic($httpVars["group_label"]);
                 AuthService::createGroup($basePath, $gName, $gLabel);
@@ -461,7 +461,7 @@ public function switchAction($action, $httpVars, $fileVars)
             break;
 
             case "create_role":
-                $roleId = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["role_id"]), AJXP_SANITIZE_HTML_STRICT);
+                $roleId = AJXP_Utils::sanitize($httpVars["role_id"], AJXP_SANITIZE_HTML_STRICT);
                 if (!strlen($roleId)) {
                     throw new Exception($mess[349]);
                 }
@@ -480,7 +480,7 @@ public function switchAction($action, $httpVars, $fileVars)
             break;
 
             case "edit_role" :
-                $roleId = SystemTextEncoding::magicDequote($httpVars["role_id"]);
+                $roleId = $httpVars["role_id"];
                 $roleGroup = false;
                 if (strpos($roleId, "AJXP_GRP_") === 0) {
                     $groupPath = substr($roleId, strlen("AJXP_GRP_"));
@@ -550,7 +550,7 @@ public function switchAction($action, $httpVars, $fileVars)
 
             case "post_json_role" :
 
-                $roleId = SystemTextEncoding::magicDequote($httpVars["role_id"]);
+                $roleId = $httpVars["role_id"];
                 $roleGroup = false;
                 if (strpos($roleId, "AJXP_GRP_") === 0) {
                     $groupPath = substr($roleId, strlen("AJXP_GRP_"));
@@ -650,7 +650,7 @@ public function switchAction($action, $httpVars, $fileVars)
                     AJXP_XMLWriter::close();
                     return;
                 }
-                $new_user_login = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($httpVars["new_user_login"]), AJXP_SANITIZE_EMAILCHARS);
+                $new_user_login = AJXP_Utils::sanitize($httpVars["new_user_login"], AJXP_SANITIZE_EMAILCHARS);
                 if (AuthService::userExists($new_user_login, "w") || AuthService::isReservedUserId($new_user_login)) {
                     AJXP_XMLWriter::header();
                     AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.43"]);
@@ -919,7 +919,7 @@ public function switchAction($action, $httpVars, $fileVars)
                 $i = 0;
                 while (isSet($httpVars["pref_name_".$i]) && isSet($httpVars["pref_value_".$i])) {
                     $prefName = AJXP_Utils::sanitize($httpVars["pref_name_".$i], AJXP_SANITIZE_ALPHANUM);
-                    $prefValue = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote(($httpVars["pref_value_".$i])));
+                    $prefValue = AJXP_Utils::sanitize($httpVars["pref_value_".$i]);
                     if($prefName == "password") continue;
                     if ($prefName != "pending_folder" && $userObject == null) {
                         $i++;

diff --git a/core/src/plugins/access.fs/class.fsAccessDriver.php b/core/src/plugins/access.fs/class.fsAccessDriver.php
@@ -370,7 +370,6 @@ public function switchAction($action, $httpVars, $fileVars)
                 if (isSet($httpVars["encode"]) && $httpVars["encode"] == "base64") {
                     $code = base64_decode($code);
                 } else {
-                    $code = SystemTextEncoding::magicDequote($code);
                     $code=str_replace("&lt;","<",$code);
                 }
                 $fileName = $this->urlBase.$file;
@@ -735,7 +734,7 @@ public function switchAction($action, $httpVars, $fileVars)
                 if (isSet($httpVars["file"])) {
                     $uniqueFile = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
                 }
-                $dir = AJXP_Utils::securePath(SystemTextEncoding::magicDequote($dir));
+                $dir = AJXP_Utils::securePath($dir);
                 $path = $this->urlBase.($dir!= ""?($dir[0]=="/"?"":"/").$dir:"");
                 $nonPatchedPath = $path;
                 if ($this->wrapperClassName == "fsAccessWrapper") {
@@ -1458,7 +1457,7 @@ public function rename($filePath, $filename_new, $dest = null)
     {
         $nom_fic=basename($filePath);
         $mess = ConfService::getMessages();
-        $filename_new=AJXP_Utils::sanitize(SystemTextEncoding::magicDequote($filename_new), AJXP_SANITIZE_FILENAME);
+        $filename_new=AJXP_Utils::sanitize($filename_new, AJXP_SANITIZE_FILENAME);
         $filename_new = substr($filename_new, 0, ConfService::getCoreConf("NODENAME_MAX_LENGTH"));
         $old=$this->urlBase."/$filePath";
         if (!$this->isWriteable($old)) {

diff --git a/core/src/plugins/core.conf/class.AbstractConfDriver.php b/core/src/plugins/core.conf/class.AbstractConfDriver.php
@@ -560,7 +560,7 @@ public function switchAction($action, $httpVars, $fileVars)
                 $i = 0;
                 while (isSet($httpVars["pref_name_".$i]) && isSet($httpVars["pref_value_".$i])) {
                     $prefName = AJXP_Utils::sanitize($httpVars["pref_name_".$i], AJXP_SANITIZE_ALPHANUM);
-                    $prefValue = AJXP_Utils::sanitize(SystemTextEncoding::magicDequote(($httpVars["pref_value_".$i])));
+                    $prefValue = AJXP_Utils::sanitize($httpVars["pref_value_".$i]);
                     if($prefName == "password") continue;
                     if ($prefName != "pending_folder" && $userObject == null) {
                         $i++;

diff --git a/core/src/plugins/editor.pixlr/class.PixlrEditor.php b/core/src/plugins/editor.pixlr/class.PixlrEditor.php
@@ -43,7 +43,7 @@ public function switchAction($action, $httpVars, $filesVars)
     if ($action == "post_to_server") {
 
       $file = base64_decode($httpVars["file"]);
-      $file = SystemTextEncoding::magicDequote(AJXP_Utils::securePath($file));
+      $file = AJXP_Utils::securePath($file);
       $target = base64_decode($httpVars["parent_url"])."/plugins/editor.pixlr";
       $tmp = call_user_func(array($streamData["classname"], "getRealFSReference"), $destStreamURL.$file);
       $tmp = SystemTextEncoding::fromUTF8($tmp);

diff --git a/core/src/plugins/editor.zoho/class.ZohoEditor.php b/core/src/plugins/editor.zoho/class.ZohoEditor.php
@@ -59,7 +59,7 @@ public function switchAction($action, $httpVars, $filesVars)
             require_once(AJXP_BIN_FOLDER."/http_class/http_class.php");
 
             $file = base64_decode($httpVars["file"]);
-            $file = SystemTextEncoding::magicDequote(AJXP_Utils::securePath($file));
+            $file = AJXP_Utils::securePath($file);
             $target = base64_decode($httpVars["parent_url"]);
             $tmp = call_user_func(array($streamData["classname"], "getRealFSReference"), $destStreamURL.$file);
             $tmp = SystemTextEncoding::fromUTF8($tmp);