[pLog-svn] question

Mark Wu markplace at gmail.com
Thu Mar 3 09:53:45 GMT 2005


Here comes the explanation in php.ini

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

Mark 

-----Original Message-----
From: Oscar Renalias [mailto:phunkphorce at gmail.com] 
Sent: Thursday, March 03, 2005 4:44 PM
To: Mark Wu
Cc: plog-svn at devel.plogworld.net
Subject: Re: [pLog-svn] question

the funniest of all things is that this does not work in
devel.plogworld.net, see for yourselves.

In my win2k or OSX installs, if I add a call to stripslashes() in
class/action/admin/admnpostmanagementaction.class.php (lines 121 and
122):

$this->_postText = stripslashes(trim(Textfilter::xhtmlize($this->_request->getValue("postText"))));
$this->_postExtendedText = stripslashes(trim(Textfilter::xhtmlize($this->_request->getValue("postExtendedText"))));

it will work fine. However in devel.plogworld.net (to where I do not have
access now and therefore cannot change the code) this is not needed and
Mark's example is not reproducible.

I've also been able to find out via debug statements that the post text is
already escaped with backslashes once it reaches plog (try putting a
print($_REQUEST["postText"]) and you'll see what I'm talking
about) while this does not happen in the devel server.

Quite weird, I had never seen this one before and it definitely never
happened to me. It's quite strange that it is suddenly happening...

Oscar

On Thu, 3 Mar 2005 10:23:56 +0200, Oscar Renalias <phunkphorce at gmail.com>
wrote:
> but slashes are only added whenever magic_quotes_gpc is set to 'On'
> right? I don't understand where those slashes are being added now 
> because I have them set to disabled.
> 
> Oscar
> 
> 
> On Thu, 3 Mar 2005 15:48:57 +0800, Mark Wu <markplace at gmail.com> wrote:
> > Hi Oscar:
> >
> > I guess, only guess ...
> >
> > Do you remember the Summary register bug I mentioned before, I need
> > to stripslashes the blogname before I use it. It seems the same 
> > situation
> >
> > When we validate the form field, if it's wrong, then plog passes the
> > same field value back to the form .... But at the same time, php
> > will addslashes by itself...  So, that's why....
> >
> > So, maybe we need to add a stripslashes after we validate the form ...
> >
> > I only guess.
> >
> > Mark
> >
> > -----Original Message-----
> > From: plog-svn-bounces at devel.plogworld.net
> > [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Oscar 
> > Renalias
> > Sent: Thursday, March 03, 2005 3:36 PM
> > To: plog-svn at devel.plogworld.net
> > Subject: Re: [pLog-svn] question
> >
> > confirmed, I can reproduce this one. I am just wondering which 
> > component is doing this to the code...
> >
> > Oscar
> >
> > On Thu, 3 Mar 2005 11:59:44 +0800, Mark Wu <markplace at gmail.com> wrote:
> > > Hi Oscar:
> > >
> > > I just replicate the question.
> > >
> > > 1. Newpost
> > > 2. Post the following code to htmlarea in text mode
> > >
> > > <OBJECT ID="WMPlay" WIDTH=320 HEIGHT=240 
> > > CLASSID="CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95"
> > > CODEBASE="http://activex.microsoft.com/activex/controls/mplayer/en
> > > /
> > > nsmp2inf.cab#Version=6,4,5,715"
> > > STANDBY="Loading Microsoft? Windows Media? Player components..."
> > > TYPE="application/x-oleobject">
> > > </OBJECT>
> > >
> > > 3. DO NOT CHOOSE CATEGORY
> > > 4. Press Blog this
> > > 5. Plog will show you wrong message
> > > 6. change to text mode again, you will get
> > >
> > > <object id="\"WMPlay\""
> > > codebase="\"http://activex.microsoft.com/activex/controls/mplayer/en/"
> > > type="\"application/x-oleobject\"" height="240" standby="\"Loading"
> > > width="320" classid="\"CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95\""
> > > nsmp2inf.cab#version="6,4,5,715\"" />
> > >
> > > Mark
> > > -----Original Message-----
> > > From: plog-svn-bounces at devel.plogworld.net
> > > [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Jon 
> > > Daley
> > > Sent: Thursday, March 03, 2005 4:23 AM
> > > To: plog-svn at devel.plogworld.net
> > > Subject: Re: [pLog-svn] question
> > >
> > > In rev 1274 with xhtml_converter enabled, aggressive_converter 
> > > disabled, magic_quotes_gpc = On magic_quotes_runtime = Off 
> > > magic_quotes_sybase = Off
> > >
> > > I don't have any problems.
> > >
> > > I also checked rev 1292 with and without aggressive converter 
> > > enabled, and it is fine also, using your example code.
> > >
> > > I had a problem like that a long time ago, but I couldn't figure 
> > > out why it was happening, it was only on one particular machine.  
> > > You had asked me to play around with the magic_quotes vars, but 
> > > that didn't make a difference.
> > >
> > > On Wed, 2 Mar 2005, Oscar Renalias wrote:
> > >
> > > > is anybody else having problems with the "preview post" 
> > > > function? It seems like somewhere, somebody is adding quotes to 
> > > > the post text, even if magic_quotes_gpc and magic_quotes_runtime 
> > > > are disabled. So something like
> > > > this:
> > > >
> > > > <a href="http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG"><img style="margin: 5px;" border="0" alt="test"
> > > > src="http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG&amp;mode=preview" /></a>
> > > >
> > > > becomes
> > > >
> > > > <a href=\"http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG\"><img style=\"margin: 5px;\" border=\"0\" alt=\"test\"
> > > > src=\"http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG&amp;mode=preview\" /></a>
> > > >
> > > > and I have no clue why... Anybody noticed the same problem?
> > > >
> > > > Oscar
> > > >
> > > > _______________________________________________
> > > > pLog-svn mailing list
> > > > pLog-svn at devel.plogworld.net
> > > > http://devel.plogworld.net/mailman/listinfo/plog-svn
> > > >
> > >
> > > **************************************************************
> > > *     Jonathan M. Daley     *   Don't tell people how to do  *
> > > *                           *  things.  Tell them what to do *
> > > *   jondaley at snurgle.org    *    and let them surprise you   *
> > > *                           *       with their results.      *
> > > * www.snurgle.org/~jondaley *               -- George Patton *
> > > **************************************************************
>
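
Added example, not part of the thread and not pLog code: the thread shows the same request data arriving escaped on one server and unescaped on another, so this sketch compares a stripslashes() call that is conditional on the magic_quotes_gpc setting with an unconditional one. The helper name undo_magic_quotes() and the sample post text are constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not pLog code).
// Undo magic_quotes_gpc escaping exactly once; form fields may be arrays.
function undo_magic_quotes($value, $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;              // nothing was added, so strip nothing
    }
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = undo_magic_quotes($item, $magicQuotesOn);
        }
        return $out;
    }
    return stripslashes($value);
}

// Constructed sample post text: quoted attributes plus one literal backslash.
$raw = '<img alt="test" title="C:\\temp" />';

// What PHP hands the application under each php.ini setting
// (magic_quotes_gpc applies addslashes() to GET/POST/Cookie data).
$received = array(
    'magic_quotes_gpc = On'  => array(addslashes($raw), true),
    'magic_quotes_gpc = Off' => array($raw, false),
);

foreach ($received as $setting => $pair) {
    list($input, $on) = $pair;
    $conditional   = undo_magic_quotes($input, $on);
    $unconditional = stripslashes($input);   // always strips, as in the proposed patch
    echo $setting, "\n";
    echo "  received:      ", $input, "\n";
    echo "  conditional:   ", $conditional,
         ($conditional === $raw ? "  (intact)" : "  (CORRUPTED)"), "\n";
    echo "  unconditional: ", $unconditional,
         ($unconditional === $raw ? "  (intact)" : "  (CORRUPTED)"), "\n";
}

// In a live request the flag comes from the running configuration.
// ini_get() returns false where the directive does not exist.
$magicQuotesOn = (bool) ini_get('magic_quotes_gpc');
```

With the setting Off, the unconditional call removes the author's own backslash (C:\temp becomes C:temp), which is why the strip has to follow the server's configuration rather than be hard-coded.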



