Post by X-Rayden » Thu Feb 19, 2009 4:19 am

I know it WILL BE deprecated in php 5.3.0 and remove in 6.0,

but if so, you should say that 1.1.7 is only 5.3 compatible,
if not, why remove it right now ? most hosting wont alowed magic_quotes to be off

and between 5.0 and 5.3 magic_quotes off is a security risk, so there is one problem, maybe you should recheck "System requirements"

where can i find 1.1.6 ?

User avatar
New member

Posts

Joined
Sat Jan 12, 2008 3:54 am
Location - Québec, Qc, Canada

Post by Daniel » Thu Feb 19, 2009 6:36 am

Because it stops windows servers from uplaoding files if i manually remove slashes.

User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by Redblob » Fri Feb 20, 2009 4:30 am

If opencart work on a linux server and if my hosting don't want to set magic_quotes_gpc = off ....... is a problem ? What happen ?

I have noted that is not essential for opencart installation because the installation starts also if it is on ..... on linux server is the same if is on or off ?

Thanks.

New member

Posts

Joined
Sun Feb 08, 2009 1:09 am
Location - Italy

Post by Redblob » Fri Feb 20, 2009 4:40 am

If Opencart work on a linux server and if the hosting don't want to set magic_quote_gpc=off is a problem ? What happen ?

I have seen that the installation tell me that it is "no good" but don't stop the installation and go ahead..... is a problem ?
I must have it on also if is a linux server ?

Thanks.

New member

Posts

Joined
Sun Feb 08, 2009 1:09 am
Location - Italy

Post by X-Rayden » Mon Feb 23, 2009 10:57 pm

you can install on linux with magic quotes on, you can go in the admin, but in the shop you'll see :

Error: magic_quotes_gpc is enabled!

User avatar
New member

Posts

Joined
Sat Jan 12, 2008 3:54 am
Location - Québec, Qc, Canada

Post by X-Rayden » Mon Feb 23, 2009 11:45 pm

you can work with 1.1.7 on a magic_quote on linux server (i'm with centos) after the install, you need to go change the file system/startup.php and remove or comment :

Code: Select all

ini_set('magic_quotes_gpc', 'Off');

if (ini_get('magic_quotes_gpc')) {
	exit('Error: magic_quotes_gpc is enabled!');
}

User avatar
New member

Posts

Joined
Sat Jan 12, 2008 3:54 am
Location - Québec, Qc, Canada

Post by liquidpele » Tue Feb 24, 2009 12:35 pm

If you enable magic quotes, you'll get \" instead of just " in text that you submit.
Just be aware of that. Magic quotes is the second worst feature php invented (register global variables being the first).

New member

Posts

Joined
Mon Feb 23, 2009 11:58 pm

Post by X-Rayden » Tue Feb 24, 2009 10:21 pm

Yes, but almost any shared hosting out there on linux have these on, and you can't switch off, even some shared hosting make 500 error if you try to make it off in .htaccess

User avatar
New member

Posts

Joined
Sat Jan 12, 2008 3:54 am
Location - Québec, Qc, Canada

Post by Daniel » Tue Feb 24, 2009 10:33 pm

Your hosting should have some way of configuring magic_quotes_gpc. Have you contacted them?

OpenCart is on a shared host and it works fine.

If you don't use .htaccess you can try php.ini.

User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by X-Rayden » Tue Feb 24, 2009 10:40 pm

it's one of my client, iweb (iweb.com) said that they prevent magic_quote off, and that we can't in no way turn it off.

User avatar
New member

Posts

Joined
Sat Jan 12, 2008 3:54 am
Location - Québec, Qc, Canada

Post by liquidpele » Tue Feb 24, 2009 11:53 pm

You could disable requiring magic quotes and put this code on your site so it runs before *any* other php is run. This will remove all slashes from user data only if magic quotes is on... but would certainly be annoying to have to put in the main opencart release.

Code: Select all

if(get_magic_quotes_gpc()) {
   foreach($_POST as $k=>$v){
      $_POST[$k] = stipslashes($v);
   }
   foreach($_GET as $k=>$v){
      $_GET[$k] = stripslashes($v);
   }
}

New member

Posts

Joined
Mon Feb 23, 2009 11:58 pm

Post by matteoraggi » Fri Apr 10, 2009 10:46 pm

This solution is also for opencart 1.2.6 ?

http://www.restaurantsupplies.eu Restaurant Supplies
Opencart 1.5.6.4 VQMOD 2.4.1
Languages: Italian, French, German, Hungarian, English, Russian, Polish and Spanish


Active Member

Posts

Joined
Fri Apr 10, 2009 8:16 pm

Post by Daniel » Sat Apr 11, 2009 2:19 am

There is a compatibility fix for 1.2.5 and 1.2.6

User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by AllSoCute » Wed Jun 19, 2013 11:59 am

liquidpele wrote:You could disable requiring magic quotes and put this code on your site so it runs before *any* other php is run. This will remove all slashes from user data only if magic quotes is on... but would certainly be annoying to have to put in the main opencart release.

Code: Select all

if(get_magic_quotes_gpc()) {
   foreach($_POST as $k=>$v){
      $_POST[$k] = stipslashes($v);
   }
   foreach($_GET as $k=>$v){
      $_GET[$k] = stripslashes($v);
   }
}

where can i put these code in my site? i'm new in this, please let me know more detail... thanks
is it apply for open cart version 1.5.5.1?

Newbie

Posts

Joined
Wed Jun 19, 2013 11:55 am

Post by butte » Thu Jun 20, 2013 5:01 am

(1) No, in 1.5.5.1 you do not have to give it a second thought. So here are two more.

(2) Magic quotes will probably already be off. Live with that, it's what you want. If magic quotes are on, there are several lines low in .htaccess.text (lead and trailing dots, text), which you'll arm by renaming it .htacess (lead dot, no trailing anything), which can be uncommented (remove the "#" at the start of a directive line), and one of those concerns magic quotes, which can be turned on by uncommenting it.

(3) As a general rule (here oversimplified to make the point), magic quotes speak to whether quotation marks and certain other punctuation marks that mean something to the machine run through the processor as commands or as text-strings. There is a special procedure called "escaping" by inserting characters known as "escapes" to tell the processor what to do or not when it encounters certain characters. Magic quotes in effect automate escaping and unescaping certain characters. The whole idea of escaping goes way, way back in Code Land, where it is almost as primeval as the typewriter keyboard.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by AllSoCute » Fri Jun 21, 2013 2:16 am

Thanks for your help. My current server showed that magic quotes Gpc is On. I tried your way and it worked

But then I tried to call my host and they showed me how to turn it off and I want to share with everybody, hope it will help somebody.


Magic Quotes is a process that automatically escapes incoming data to the PHP script. However, since the release of PHP 5.3.0, this feature has been depreciated.

There are a few ways you can disable Magic Quotes: (only choose 1 way to do, not all)

1. Disabling Magic Quotes Server Side via php5.ini
Add this code to your php5.ini file:

Code: Select all

magic_quotes_gpc = Off;
magic_quotes_runtime = Off;
magic_quotes_sybase = Off; 
If the hosting account does not have a php5.ini file, you have to add one.

2. Disabling Magic Quotes at Runtime
Place code at top of the .php file so it executes when the file runs:

Code: Select all

<?php
if (get_magic_quotes_gpc()) {
    function magicQuotes_awStripslashes(&$value, $key) {$value = stripslashes($value);}
    $gpc = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    array_walk_recursive($gpc, 'magicQuotes_awStripslashes');
}
?>
NOTE: The magic_quotes_gpc directive may only be disabled at the system level, and not at runtime.

Newbie

Posts

Joined
Wed Jun 19, 2013 11:55 am

Post by butte » Fri Jun 21, 2013 5:45 am

Good! Just for reference, the control of directives is hierarchically stepwise. Generally, the deeper the solution, the better. Controlling magic quotes at the level of the entire server's php.ini tends to favor having them, for benefit of many users who aren't running OC or certain other programs. Controlling them at the level of the account's php.ini, which will often be plural for selectable php.exe versions (you'd shown php5.ini, so you probably also have others) turns them on or off before php scripts even run. Controlling them next at the level of .htaccess, stepwise in account root through program directories such as for OC itself, also steps in before php scripts even run, but getting along with the server is potentially tricky. Controlling them at the level of php scripts, such as in the first several lines, is least preferred but is a likely viable option.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am
Who is online

Users browsing this forum: No registered users and 14 guests