Browse files

MDL-43528 remove all traces of magic quotes hacking from moodle core

  • Loading branch information...
1 parent bbb291b commit 3e5226ab6e649d12e8d5518df2ad6dada0bb2aef @skodak skodak committed Jan 2, 2014
Showing with 0 additions and 80 deletions.
  1. +0 −4 admin/index.php
  2. +0 −19 admin/tool/health/index.php
  3. +0 −4 install.php
  4. +0 −1 lang/en/admin.php
  5. +0 −9 lang/en/install.php
  6. +0 −2 lib/htaccess
  7. +0 −33 lib/setup.php
  8. +0 −8 lib/setuplib.php
View
4 admin/index.php
@@ -119,10 +119,6 @@
print_error('phpvaroff', 'debug', '', (object)array('name'=>'session.auto_start', 'link'=>$documentationlink));
}
-if (ini_get_bool('magic_quotes_runtime')) {
- print_error('phpvaroff', 'debug', '', (object)array('name'=>'magic_quotes_runtime', 'link'=>$documentationlink));
-}
-
if (!ini_get_bool('file_uploads')) {
print_error('phpvaron', 'debug', '', (object)array('name'=>'file_uploads', 'link'=>$documentationlink));
}
View
19 admin/tool/health/index.php
@@ -240,25 +240,6 @@ function solution() {
}
}
-class problem_000006 extends problem_base {
- function title() {
- return 'PHP: magic_quotes_runtime is enabled';
- }
- function exists() {
- return (ini_get_bool('magic_quotes_runtime'));
- }
- function severity() {
- return SEVERITY_SIGNIFICANT;
- }
- function description() {
- return 'Your PHP configuration includes an enabled setting, magic_quotes_runtime, that <strong>must be disabled</strong> in order for Moodle to work correctly. Notable symptoms arising from this misconfiguration include strange display errors whenever a text field that includes single or double quotes is processed.';
- }
- function solution() {
- global $CFG;
- return '<p>There are two ways you can solve this problem:</p><ol><li>If you have access to your main <strong>php.ini</strong> file, then find the line that looks like this: <pre>magic_quotes_runtime = On</pre> and change it to <pre>magic_quotes_runtime = Off</pre> and then restart your web server. Be warned that this, as any other PHP setting change, might affect other web applications running on the server.</li><li>Finally, you may be able to change this setting just for your site by creating or editing the file <strong>'.$CFG->dirroot.'/.htaccess</strong> to contain this line: <pre>php_value magic_quotes_runtime "Off"</pre></li></ol>';
- }
-}
-
class problem_000007 extends problem_base {
function title() {
return 'PHP: file_uploads is disabled';
View
4 install.php
@@ -108,10 +108,6 @@
$config->lang = $lang;
if (!empty($_POST)) {
- if (install_ini_get_bool('magic_quotes_gpc')) {
- $_POST = array_map('stripslashes', $_POST);
- }
-
$config->stage = (int)$_POST['stage'];
if (isset($_POST['previous'])) {
View
1 lang/en/admin.php
@@ -521,7 +521,6 @@
$string['experimentalsettings'] = 'Experimental settings';
$string['extendedusernamechars'] = 'Allow extended characters in usernames';
$string['extramemorylimit'] = 'Extra PHP memory limit';
-$string['fatalmagicquotesruntime'] = '<p>Serious configuration error detected, please notify server administrator.</p><p> To operate properly, Moodle requires that administrator changes PHP settings.</p><p><code>magic_quotes_runtime</code> must be set to <code>off</code>.</p><p>This setting is controlled by editing <code>php.ini</code>, Apache/IIS <br />configuration or <code>.htaccess</code> file on the server.</p>';
$string['fatalsessionautostart'] = '<p>Serious configuration error detected, please notify server administrator.</p><p> To operate properly, Moodle requires that administrator changes PHP settings.</p><p><code>session.auto_start</code> must be set to <code>off</code>.</p><p>This setting is controlled by editing <code>php.ini</code>, Apache/IIS <br />configuration or <code>.htaccess</code> file on the server.</p>';
$string['filecreated'] = 'New file created';
$string['filestoredin'] = 'Save file into folder :';
View
9 lang/en/install.php
@@ -145,15 +145,6 @@
$string['installation'] = 'Installation';
$string['langdownloaderror'] = 'Unfortunately the language "{$a}" could not be downloaded. The installation process will continue in English.';
$string['langdownloadok'] = 'The language "{$a}" was installed successfully. The installation process will continue in this language.';
-$string['magicquotesruntime'] = 'Magic quotes run time';
-$string['magicquotesruntimeerror'] = 'This should be off';
-$string['magicquotesruntimehelp'] = '<p>Magic quotes runtime should be turned off for Moodle to function properly.</p>
-
-<p>Normally it is off by default ... see the setting <b>magic_quotes_runtime</b> in your php.ini file.</p>
-
-<p>If you don\'t have access to your php.ini, you might be able to place the following line in a file
- called .htaccess within your Moodle directory:</p>
- <blockquote><div>php_value magic_quotes_runtime Off</div></blockquote>';
$string['memorylimit'] = 'Memory limit';
$string['memorylimiterror'] = 'The PHP memory limit is set quite low ... you may run into problems later.';
$string['memorylimithelp'] = '<p>The PHP memory limit for your server is currently set to {$a}.</p>
View
2 lib/htaccess
@@ -27,8 +27,6 @@ DirectoryIndex index.php index.html index.htm
### Thirdly, set up some PHP variables that Moodle needs
-php_flag magic_quotes_gpc 0
-php_flag magic_quotes_runtime 0
php_flag register_globals 0
php_flag file_uploads 1
php_flag short_open_tag 1
View
33 lib/setup.php
@@ -696,39 +696,6 @@
$CFG->wordlist = $CFG->libdir .'/wordlist.txt';
$CFG->moddata = 'moddata';
-// A hack to get around magic_quotes_gpc being turned on
-// It is strongly recommended to disable "magic_quotes_gpc"!
-if (ini_get_bool('magic_quotes_gpc')) {
- function stripslashes_deep($value) {
- $value = is_array($value) ?
- array_map('stripslashes_deep', $value) :
- stripslashes($value);
- return $value;
- }
- $_POST = array_map('stripslashes_deep', $_POST);
- $_GET = array_map('stripslashes_deep', $_GET);
- $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
- $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
- if (!empty($_SERVER['REQUEST_URI'])) {
- $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
- }
- if (!empty($_SERVER['QUERY_STRING'])) {
- $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
- }
- if (!empty($_SERVER['HTTP_REFERER'])) {
- $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
- }
- if (!empty($_SERVER['PATH_INFO'])) {
- $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
- }
- if (!empty($_SERVER['PHP_SELF'])) {
- $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
- }
- if (!empty($_SERVER['PATH_TRANSLATED'])) {
- $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
- }
-}
-
// neutralise nasty chars in PHP_SELF
if (isset($_SERVER['PHP_SELF'])) {
$phppos = strpos($_SERVER['PHP_SELF'], '.php');
View
8 lib/setuplib.php
@@ -710,9 +710,6 @@ function setup_validate_php_configuration() {
if (ini_get_bool('session.auto_start')) {
print_error('sessionautostartwarning', 'admin');
}
- if (ini_get_bool('magic_quotes_runtime')) {
- print_error('fatalmagicquotesruntime', 'admin');
- }
}
/**
@@ -994,11 +991,6 @@ function workaround_max_input_vars() {
$values = array();
parse_str($chunk, $values);
- if (ini_get_bool('magic_quotes_gpc')) {
- // Use the same logic as lib/setup.php to work around deprecated magic quotes.
- $values = array_map('stripslashes_deep', $values);
- }
-
merge_query_params($_POST, $values);
merge_query_params($_REQUEST, $values);
}

0 comments on commit 3e5226a

Please sign in to comment.