[MOTION] Re: [Mapbender-dev] magic quotes
Christoph Baudson
christoph.baudson at wheregroup.com
Fri Sep 25 06:43:49 EDT 2009
Arnulf Christl wrote:
> On Mon, June 15, 2009 10:53, Christoph Baudson wrote:
>
>> Astrid Emde (WhereGroup) wrote:
>>
>>
>>> On Thu, February 26, 2009 11:51 am, Christoph Baudson wrote:
>>>
>>>
>>>
>>>> Hello,
>>>>
>>>>
>>>> Mapbender is not very decisive whether to use stripslashes on request
>>>> parameters or not. We seem to be indecisive if we assume
>>>> magic_quotes_gpc to be on or off (it is on by default).
>>>>
>>>> I suggest we add something like this to globalSettings.php
>>>>
>>>>
>>>> if (get_magic_quotes_gpc() === 1) {
>>>>     array_walk($_POST, 'stripslashes');
>>>>     array_walk($_GET, 'stripslashes');
>>>> }
>>>>
>>>>
>>>> By this, all input would be properly prepared, and no stripslashing
>>>> would have to occur.
>>>>
>>>> What do you think?
>>>>
>>>>
>>>> Christoph
>>>>
>>>>
>>>>
>>> Hello Christoph,
>>>
>>>
>>> this idea sounds reasonable to me.
>>>
>>> astrid
>>>
>>>
>> (I have just stumbled over this issue again, which resulted in another
>> wasted hour. I should have made a motion the first time around.)
>>
>> I motion to add the code snippet
>>
>>
>> if (get_magic_quotes_gpc() === 1) {
>>     array_walk($_POST, 'stripslashes');
>>     array_walk($_GET, 'stripslashes');
>> }
>>
>>
>>
>> to globalSettings.php, so it will automatically be executed in every
>> module. I volunteer to search for every occurrence of stripslashes in
>> Mapbender, and remove it where appropriate.
>>
>>
>> (Maybe this is something that can be done in Bolsena.)
>>
>>
>> Please second and vote.
>>
>
> Seconded by Arnulf
>
> Vote: +1
>
>
Motion carried.
However the code has been altered a bit for security reasons (the code
snippet above is recursive)
http://pastebin.org/24512
There is no need to use stripslashes on request data!
Christoph
> Best regards,
> Arnulf
>
>
>> Christoph
>>
>>
>>
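Added example, not the code behind the pastebin link and not Mapbender's own: a recursive undo of magic_quotes_gpc escaping that also reaches nested request parameters such as `layer[title]=...`, followed by what a second stripslashes pass does to a genuine backslash. The helper name `undo_magic_quotes`, the `$magicQuotesOn` flag and the sample request values are assumptions constructed for illustration.

```php
<?php
// Illustration only: undo_magic_quotes() is a hypothetical helper name.

// Strip exactly one level of magic_quotes_gpc escaping, descending into
// nested arrays (PHP builds those from parameters like layer[title]=...).
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Constructed sample: the values a client actually sent.
$sent = array(
    'name'  => "O'Brien",
    'path'  => 'C:\\temp',                        // one real backslash
    'layer' => array('title' => 'say "hi"'),
);

// Simulate what the script receives when magic_quotes_gpc is on:
// every scalar value has been passed through addslashes().
$received = array(
    'name'  => addslashes($sent['name']),
    'path'  => addslashes($sent['path']),
    'layer' => array('title' => addslashes($sent['layer']['title'])),
);

// In a global include the guard would be get_magic_quotes_gpc(); that
// function no longer exists in PHP 8, so the flag is set by hand here.
$magicQuotesOn = true;
$clean = $magicQuotesOn ? undo_magic_quotes($received) : $received;

if ($clean !== $sent) {
    throw new RuntimeException('nested values were not restored');
}

// A module that still calls stripslashes() after the global pass strips
// a second time and silently eats the genuine backslash in 'path'.
$twice = undo_magic_quotes($clean);
if ($twice['path'] === $sent['path']) {
    throw new RuntimeException('expected the second pass to alter the value');
}

echo "restored once: ", $clean['path'], "\n";
echo "stripped twice: ", $twice['path'], "\n";
```

Once the escaping is removed centrally, values reaching SQL must be protected by parameterized queries or the database driver's own escaping, since the magic-quotes backslashes are no longer present.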