[MOTION] Re: [Mapbender-dev] magic quotes
Christoph Baudson
christoph.baudson at wheregroup.com
Mon Jun 15 04:53:50 EDT 2009
Astrid Emde (WhereGroup) schrieb:
> On Thu, February 26, 2009 11:51 am, Christoph Baudson wrote:
>
>> Hello,
>>
>> Mapbender is not very decisive whether to use stripslashes on request
>> parameters or not. We seem to indecisive if we assume magic_quotes_gpc
>> to be on or off (it is on by default).
>>
>> I suggest we add something like this to globalSettings.php
>>
>> if (get_magic_quotes_gpc() === 1) {
>> array_walk($_POST, 'stripslashes');
>> array_walk($_GET, 'stripslashes');
>> }
>>
>> By this, all input would be properly prepared, and no stripslashing
>> would have to occur.
>>
>> What do you think?
>>
>> Christoph
>>
>
> Hello Christoph,
>
> this idea sounds reasonable to me.
>
> astrid
>
(I have just stumbled over this issue again, which resulted in another
wasted hour. I should have made a motion the first time around.)
I motion to add the code snippet
if (get_magic_quotes_gpc() === 1) {
array_walk($_POST, 'stripslashes');
array_walk($_GET, 'stripslashes');
}
to globalSettings.php, so it will automatically be executed in every
module. I volunteer to search for every occurence of stripslashes in
Mapbender, and remove it where appropriate.
(Maybe this is something that can be done in Bolsena.)
Please second and vote.
Christoph
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>
--
_______________________________________
W h e r e G r o u p GmbH & Co. KG
Siemensstraße 8
53121 Bonn
Germany
Christoph Baudson
Anwendungsentwickler
Fon: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
christoph.baudson at wheregroup.com
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________
Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
_______________________________________
More information about the Mapbender_dev
mailing list