Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Function used in lightopenid does not exist any more #48

Closed
GoogleCodeExporter opened this issue Mar 21, 2015 · 5 comments
Closed

Function used in lightopenid does not exist any more #48

GoogleCodeExporter opened this issue Mar 21, 2015 · 5 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

In php 5.4beta1 the function get_magic_quotes_gpc() is deprecated and has been 
removed.

As this library uses that function it's not working int php 5.4.

Original issue reported on code.google.com by dieg...@gmail.com on 3 Oct 2011 at 9:56
@GoogleCodeExporter
Copy link
Author 

Thanks for the report, although I don't see this information anywhere in the 
docs.

Anyway, if you have an idea how to work around that without breaking 
compatibility with older versions (and bad server setups), please tell me. 
Otherwise I'll have to look for it myself.

Original comment by mewp...@gmail.com on 3 Oct 2011 at 10:24

  • Changed state: Accepted

@GoogleCodeExporter
Copy link
Author 

Hi, I have just removed the verification in this line and I use directly the 
function stripslashes($value), without executing getmagic_quotes_gpc().

I'm not sure about the impact of this change in previous versions, but as far 
as I know that function is also deprecated in php 5.3

Original comment by dieg...@gmail.com on 3 Oct 2011 at 10:48

@GoogleCodeExporter
Copy link
Author 

This isn't a good general solution.

For example, a string: $str = 'asd\f';
Without magic quotes: stripslashes($str) == 'asdf'
With magic quotes: stripslashes($str) == 'asd\f'

Why? Because magic quotes would make the string 'asd\\f' (if it came from GET, 
or something, of course).

So if I wanted to do something like this, I'd just remove the whole block.

I'd rather look for a general solution before doing it.
Also, magic_quotes are deprecated since php 5.3, but get_magic_quotes_gpc is 
not, as it has to be used in order to maintain backwards compatibility. At 
least that's how I understand the php.net docs (it isn't stated anywhere that 
get_magic_quotes_gpc is deprecated).

Original comment by mewp...@gmail.com on 3 Oct 2011 at 1:18

@GoogleCodeExporter
Copy link
Author 

You can use the filter extension (http://php.net/filter) which takes into 
consideration magic quotes when filtering variables from GET and POST.

Instead of:

$this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;

Do:

$this->data = filter_input_array($_SERVER['REQUEST_METHOD'] === 'POST' ? 
INPUT_POST : INPUT_GET, FILTER_UNSAFE_RAW);

Original comment by malterisio777 on 7 Oct 2011 at 7:19

@GoogleCodeExporter
Copy link
Author

Original comment by mewp...@gmail.com on 9 Oct 2011 at 9:32

  • Changed state: Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter