From 3e5226ab6e649d12e8d5518df2ad6dada0bb2aef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0koda?= Date: Thu, 2 Jan 2014 09:35:50 +0800 Subject: [PATCH] MDL-43528 remove all traces of magic quotes hacking from moodle core --- admin/index.php | 4 ---- admin/tool/health/index.php | 19 ------------------- install.php | 4 ---- lang/en/admin.php | 1 - lang/en/install.php | 9 --------- lib/htaccess | 2 -- lib/setup.php | 33 --------------------------------- lib/setuplib.php | 8 -------- 8 files changed, 80 deletions(-) diff --git a/admin/index.php b/admin/index.php index e42687a625b90..3cdb0eb5ed332 100644 --- a/admin/index.php +++ b/admin/index.php @@ -119,10 +119,6 @@ print_error('phpvaroff', 'debug', '', (object)array('name'=>'session.auto_start', 'link'=>$documentationlink)); } -if (ini_get_bool('magic_quotes_runtime')) { - print_error('phpvaroff', 'debug', '', (object)array('name'=>'magic_quotes_runtime', 'link'=>$documentationlink)); -} - if (!ini_get_bool('file_uploads')) { print_error('phpvaron', 'debug', '', (object)array('name'=>'file_uploads', 'link'=>$documentationlink)); } diff --git a/admin/tool/health/index.php b/admin/tool/health/index.php index 3966865c2429a..f0fe6c84b6b31 100644 --- a/admin/tool/health/index.php +++ b/admin/tool/health/index.php @@ -240,25 +240,6 @@ function solution() { } } -class problem_000006 extends problem_base { - function title() { - return 'PHP: magic_quotes_runtime is enabled'; - } - function exists() { - return (ini_get_bool('magic_quotes_runtime')); - } - function severity() { - return SEVERITY_SIGNIFICANT; - } - function description() { - return 'Your PHP configuration includes an enabled setting, magic_quotes_runtime, that must be disabled in order for Moodle to work correctly. Notable symptoms arising from this misconfiguration include strange display errors whenever a text field that includes single or double quotes is processed.'; - } - function solution() { - global $CFG; - return '

There are two ways you can solve this problem:

  1. If you have access to your main php.ini file, then find the line that looks like this: 
    magic_quotes_runtime = On
    and change it to 
    magic_quotes_runtime = Off
    and then restart your web server. Be warned that this, as any other PHP setting change, might affect other web applications running on the server.
  2. Finally, you may be able to change this setting just for your site by creating or editing the file '.$CFG->dirroot.'/.htaccess to contain this line: 
    php_value magic_quotes_runtime "Off"
'; - } -} - class problem_000007 extends problem_base { function title() { return 'PHP: file_uploads is disabled'; diff --git a/install.php b/install.php index c7f4fc5a0241a..75c7ccf559249 100644 --- a/install.php +++ b/install.php @@ -108,10 +108,6 @@ $config->lang = $lang; if (!empty($_POST)) { - if (install_ini_get_bool('magic_quotes_gpc')) { - $_POST = array_map('stripslashes', $_POST); - } - $config->stage = (int)$_POST['stage']; if (isset($_POST['previous'])) { diff --git a/lang/en/admin.php b/lang/en/admin.php index 7006d1a930c84..45f4527330410 100644 --- a/lang/en/admin.php +++ b/lang/en/admin.php @@ -521,7 +521,6 @@ $string['experimentalsettings'] = 'Experimental settings'; $string['extendedusernamechars'] = 'Allow extended characters in usernames'; $string['extramemorylimit'] = 'Extra PHP memory limit'; -$string['fatalmagicquotesruntime'] = '

Serious configuration error detected, please notify server administrator.

To operate properly, Moodle requires that administrator changes PHP settings.

magic_quotes_runtime must be set to off.

This setting is controlled by editing php.ini, Apache/IIS
configuration or .htaccess file on the server.

'; $string['fatalsessionautostart'] = '

Serious configuration error detected, please notify server administrator.

To operate properly, Moodle requires that administrator changes PHP settings.

session.auto_start must be set to off.

This setting is controlled by editing php.ini, Apache/IIS
configuration or .htaccess file on the server.

'; $string['filecreated'] = 'New file created'; $string['filestoredin'] = 'Save file into folder :'; diff --git a/lang/en/install.php b/lang/en/install.php index 882655a59d654..e9da636b45cca 100644 --- a/lang/en/install.php +++ b/lang/en/install.php @@ -145,15 +145,6 @@ $string['installation'] = 'Installation'; $string['langdownloaderror'] = 'Unfortunately the language "{$a}" could not be downloaded. The installation process will continue in English.'; $string['langdownloadok'] = 'The language "{$a}" was installed successfully. The installation process will continue in this language.'; -$string['magicquotesruntime'] = 'Magic quotes run time'; -$string['magicquotesruntimeerror'] = 'This should be off'; -$string['magicquotesruntimehelp'] = '

Magic quotes runtime should be turned off for Moodle to function properly.

- -

Normally it is off by default ... see the setting magic_quotes_runtime in your php.ini file.

- -

If you don\'t have access to your php.ini, you might be able to place the following line in a file - called .htaccess within your Moodle directory:

-
php_value magic_quotes_runtime Off
'; $string['memorylimit'] = 'Memory limit'; $string['memorylimiterror'] = 'The PHP memory limit is set quite low ... you may run into problems later.'; $string['memorylimithelp'] = '

The PHP memory limit for your server is currently set to {$a}.

diff --git a/lib/htaccess b/lib/htaccess index d0597fcd81055..eca63601aec92 100644 --- a/lib/htaccess +++ b/lib/htaccess @@ -27,8 +27,6 @@ DirectoryIndex index.php index.html index.htm ### Thirdly, set up some PHP variables that Moodle needs -php_flag magic_quotes_gpc 0 -php_flag magic_quotes_runtime 0 php_flag register_globals 0 php_flag file_uploads 1 php_flag short_open_tag 1 diff --git a/lib/setup.php b/lib/setup.php index f1d3054e4fd16..433432867c088 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -696,39 +696,6 @@ $CFG->wordlist = $CFG->libdir .'/wordlist.txt'; $CFG->moddata = 'moddata'; -// A hack to get around magic_quotes_gpc being turned on -// It is strongly recommended to disable "magic_quotes_gpc"! -if (ini_get_bool('magic_quotes_gpc')) { - function stripslashes_deep($value) { - $value = is_array($value) ? - array_map('stripslashes_deep', $value) : - stripslashes($value); - return $value; - } - $_POST = array_map('stripslashes_deep', $_POST); - $_GET = array_map('stripslashes_deep', $_GET); - $_COOKIE = array_map('stripslashes_deep', $_COOKIE); - $_REQUEST = array_map('stripslashes_deep', $_REQUEST); - if (!empty($_SERVER['REQUEST_URI'])) { - $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']); - } - if (!empty($_SERVER['QUERY_STRING'])) { - $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']); - } - if (!empty($_SERVER['HTTP_REFERER'])) { - $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']); - } - if (!empty($_SERVER['PATH_INFO'])) { - $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']); - } - if (!empty($_SERVER['PHP_SELF'])) { - $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']); - } - if (!empty($_SERVER['PATH_TRANSLATED'])) { - $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']); - } -} - // neutralise nasty chars in PHP_SELF if (isset($_SERVER['PHP_SELF'])) { $phppos = strpos($_SERVER['PHP_SELF'], '.php'); diff --git a/lib/setuplib.php b/lib/setuplib.php index 929ad2ef8e788..8c61eebceed93 100644 --- a/lib/setuplib.php +++ b/lib/setuplib.php @@ -710,9 +710,6 @@ function setup_validate_php_configuration() { if (ini_get_bool('session.auto_start')) { print_error('sessionautostartwarning', 'admin'); } - if (ini_get_bool('magic_quotes_runtime')) { - print_error('fatalmagicquotesruntime', 'admin'); - } } /** @@ -994,11 +991,6 @@ function workaround_max_input_vars() { $values = array(); parse_str($chunk, $values); - if (ini_get_bool('magic_quotes_gpc')) { - // Use the same logic as lib/setup.php to work around deprecated magic quotes. - $values = array_map('stripslashes_deep', $values); - } - merge_query_params($_POST, $values); merge_query_params($_REQUEST, $values); }