| Anonymous | Login | Signup for a new account | 12-17-2024 10:57 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0001956 | [Quercus] | minor | always | 08-20-07 19:57 | 09-04-07 13:08 | ||||
| Reporter | websurfer2 | View Status | public | ||||||
| Assigned To | nam | ||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 3.1.3 | Product Version | 3.1.3 | ||||
| Product Build | |||||||||
| Summary | 0001956: Form field with quoted string is wrongly escaped | ||||||||
| Description |
Quercus appears to not process quoted string from a http request correctly. When the submitted field is quoted such as ("test"), it will processed as (\"test\") in the $_REQUEST variable. While exactly the same script behaves normally in standard php engine. Pasted are the html page used to submit the request and the php script show the processed request. t.html // used to submit the request <html> <head><title>test Page</title></head> <body> <h1> test</h1> <form method = post action="t.php"> <input type =text name="QUERY" size=20> <input type=submit name="submit" value=submit> </form> </body> </html> t.php //used to show the request <?php $query = $_REQUEST['QUERY']; echo $query; ?> |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0002215) bago 08-22-07 08:12 |
It could be a difference in magic quote configuration. As an example drupal try to manually handle the various different configurations for PHP: http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc [^] function _fix_gpc_magic(&$item) { if (is_array($item)) { array_walk($item, '_fix_gpc_magic'); } else { $item = stripslashes($item); } } /** * Helper function to strip slashes from $_FILES skipping over the tmp_name keys * since PHP generates single backslashes for file paths on Windows systems. * * tmp_name does not have backslashes added see * http://php.net/manual/en/features.file-upload.php#42280 [^] */ function _fix_gpc_magic_files(&$item, $key) { if ($key != 'tmp_name') { if (is_array($item)) { array_walk($item, '_fix_gpc_magic_files'); } else { $item = stripslashes($item); } } } /** * Correct double-escaping problems caused by "magic quotes" in some PHP * installations. */ function fix_gpc_magic() { static $fixed = FALSE; if (!$fixed && ini_get('magic_quotes_gpc')) { array_walk($_GET, '_fix_gpc_magic'); array_walk($_POST, '_fix_gpc_magic'); array_walk($_COOKIE, '_fix_gpc_magic'); array_walk($_REQUEST, '_fix_gpc_magic'); array_walk($_FILES, '_fix_gpc_magic_files'); $fixed = TRUE; } } |
|
(0002262) nam 09-04-07 13:08 |
php/0878 The default configuration for magic_quotes_gpc was ON. This means that quotes will be escaped in $_POST, $_GET, and $_COOKIES. In the default php.ini, PHP5 has magic_quotes_gpc ON. But since PHP6 will be removing magic_quotes support altogether, Quercus will now have magic_quotes_gpc OFF by default. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-20-07 19:57 | websurfer2 | New Issue | |
| 08-22-07 08:12 | bago | Note Added: 0002215 | |
| 09-04-07 13:06 | nam | Status | new => assigned |
| 09-04-07 13:06 | nam | Assigned To | => nam |
| 09-04-07 13:08 | nam | Status | assigned => closed |
| 09-04-07 13:08 | nam | Note Added: 0002262 | |
| 09-04-07 13:08 | nam | Resolution | open => fixed |
| 09-04-07 13:08 | nam | Fixed in Version | => 3.1.3 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
32 total queries executed. 28 unique queries executed. |  |
