arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Require that magic_quotes is OFF.

Browse Source
This commit is contained in:
dave 2010-04-18 22:40:07 +00:00
parent 5e9ee05606
commit 530788e1c5
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
common.inc.php
View File

@ -169,6 +169,29 @@ if($dbcodeversion!=$dbdbversion)
exit; exit;
} }
/* Check that magic_quotes is OFF */
if(get_magic_quotes_gpc()) {
?>
<html><head><title>SFIAB ERROR</title></head><body>
<h1>Science Fair In A Box - ERROR</h1>
<p>Your PHP configuration has magic_quotes ENABLED. They should be
disabled, and are disabled in the .htaccess file, so your server is
ignoring the .htaccess file or overriding it.
<p>Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON
by default for any PHP &lt; 5.3.0.
<p>It's a pain in the butt because PHP runs urldecode() on all inputs
from GET and POST, but if it sees the string has quotes, then it escapes
existing quotes before passing it to us. This is a problem for json_decode
where we do not want this behaviour, and thus need to pass through stripslashes()
first, but only if magicquotes is ON. If it's off, stripslashes will
break json_decode.
<p>Add <pre>php_flag magic_quotes_gpc off</pre> to the .htacces, or add
<pre>php_flag magic_quotes_gpc=off</pre> to php.ini
<br></body></html>
<?
exit;
}
//now pull the rest of the configuration //now pull the rest of the configuration
$q=mysql_query("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'"); $q=mysql_query("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'");