[pLog-svn] r1297 - plog/trunk/class/net

oscar at devel.plogworld.net oscar at devel.plogworld.net
Thu Mar 3 23:04:02 GMT 2005 

Author: oscar
Date: 2005-03-03 23:04:02 +0000 (Thu, 03 Mar 2005)
New Revision: 1297

Modified:
   plog/trunk/class/net/request.class.php
Log:
this should mostly fix the problem we've been experiencing concerning [un]stripping of slashes when magic_quotes_gpc is enabled! Please use the method Request::setStripSlashes() to dynamically disable this behaviour. 

This seemed to cause some problems with arrays so I had to add a special condition for that... If you see that it's causing problems somewhere else, please let me know (or even better, fix it :))

At the moment the only issue that I can see is that it is "eating" slashes once we save the post and it is loaded again as reported by jon here: http://bugs.plogworld.net/view.php?id=269 but I do not know how to solve it. Should we double the slashes everytime the data is saved to the db so that when it is loaded we get the same amount of slashes?

Modified: plog/trunk/class/net/request.class.php
===================================================================
--- plog/trunk/class/net/request.class.php	2005-03-03 22:16:20 UTC (rev 1296)
+++ plog/trunk/class/net/request.class.php	2005-03-03 23:04:02 UTC (rev 1297)
@@ -32,6 +32,40 @@
         		$this->Properties();
             else
             	$this->Properties( $values );
+				
+			$this->_stripSlashes = true;
         }
+		
+		/**
+		 * whether parameters should or should not be unescaped automatically
+		 *
+		 * @param escape
+		 */
+		function setStripSlashes( $enabled )
+		{
+			$this->_stripSlashes = $enabled;
+		}
+		
+		/**
+		 * reimplemented from Properties::getValue() so that we can correctly
+		 * strip slashes from requests where magic_quotes_gpc was enabled
+		 *
+		 * @param key
+		 * @param defaultValue
+		 * @return the value
+		 */
+		function getValue( $key, $defaultValue = null )
+		{
+			// get the value from the parent
+			$value = parent::getValue( $key, $defaultValue );
+			
+			// now if magic quotes are enabled and the input parameter is not an array
+			// and the feature has not been disabled, then strip the slashes
+			if( get_magic_quotes_gpc() && !is_array( $value ) && $this->_stripSlashes ) {
+				$value = stripslashes( $value );
+			}
+			
+			return( $value );
+		}
     }
 ?>

More information about the pLog-svn mailing list