Welcome Guest, Not a member yet? Register   Sign In
profiler running stripslashes on POST incorrectly
#1

[eluser]royreiss[/eluser]
Hi All,

First time long time as they say. I did a search and didn't see anything related to this, but it's small so that's probably why.

The profiler seems to be running stripslashes on the POST before display regardless of magic_quotes value. This has the effect of removing single slashes and leaving half of a double slash.

It seems it could just be fixed by checking for magic_quotes value.
#2

[eluser]WanWizard[/eluser]
CI doesn't use magic quotes. If it's on in the config, it's disabled by CI in codeigniter.php.
#3

[eluser]royreiss[/eluser]
Hey WanWizard,

Sorry I don't think I was clear in the my first post.

What I mean is that the profiler will incorrectly display the values of the POST array because it is running stripslashes on the POST before display. Which it would be doing for no reason if magic_quotes is disabled on the system (whatever the method).

As a test enable the profiler on a system with magic_quotes disabled and submit two slashes through POST. The profiler will display one slash as the value submitted.
#4

[eluser]WanWizard[/eluser]
I can't reproduce that here.

If I enter "test // test" in a form field, the profiler shows exactly that.
#5

[eluser]royreiss[/eluser]
Huh? stripslashes only runs on \ backslashes not on / forward slashes.

Second, this will only happen on a system with magic_quotes _gpc disabled. You can test your systems value by running get_magic_quotes_gpc()
#6

[eluser]WanWizard[/eluser]
If you mean backslashes, than say so. You were talking about slashes.

In a CI environment magic quotes are always off. If they are on in php.ini, CI disables them. And in PHP 5.3+, there disabled by the system. I'm running on 5.3.3 here.

There's a deeper issue then just the profiler. When I type "test \\ test" in any field (which causes the form to reload due to a validation error), the form is repopulated with a single backslash. Somewhere one disappears...
#7

[eluser]royreiss[/eluser]
Hi WanWizard,

First this is just meant to be a report of a minor bug Smile

Second, my original post mentioned that it was running 'stripslashes'. As this is a forum for bug reports on a PHP framework I assumed that anyone who read this and responded would know of this common function and know that it only runs on backslashes *not* forward slashes without my having to spell it out.

Third, see my second bug report here to find out where the other slashes you noticed are being removed:

http://ellislab.com/forums/viewthread/169846/

If you need clarification on any other common PHP functions just let me know Smile
#8

[eluser]WanWizard[/eluser]
Not that common, I haven't used stripslashes since the old procedural (and pre-framework) days.

And no, no help needed. Some sleep would be great though... Wink




Theme © iAndrew 2016 - Forum software by © MyBB