[mapguide-commits] r10052 - trunk/MgDev/Web/src/mapviewerphp

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Tue Jun 27 04:18:05 PDT 2023 

Author: jng
Date: 2023-06-27 04:18:04 -0700 (Tue, 27 Jun 2023)
New Revision: 10052

Modified:
   trunk/MgDev/Web/src/mapviewerphp/buffer.php
   trunk/MgDev/Web/src/mapviewerphp/search.php
   trunk/MgDev/Web/src/mapviewerphp/selectwithin.php
Log:
Remove string un-escaping code referencing get_magic_quotes_gpc(). We already commented out this for buffer.php and there doesn't appear to be any adverse effects from not un-escaping string input, so now let's just go all the way with removal.

Fixes #2873

Modified: trunk/MgDev/Web/src/mapviewerphp/buffer.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/buffer.php	2023-05-26 14:10:00 UTC (rev 10051)
+++ trunk/MgDev/Web/src/mapviewerphp/buffer.php	2023-06-27 11:18:04 UTC (rev 10052)
@@ -387,21 +387,6 @@
     $fillstyle = GetParameter($params, 'FILLSTYLE');
     $selText = GetParameter($params, 'SELECTION');
 
-    //unescape strings
-    //
-    /*
-    if(ini_get("magic_quotes_sybase") == "1")
-        $selText = str_replace("''", "'", $selText);
-    else if(get_magic_quotes_gpc() == "1")
-    {
-        //Unescape double quotes
-        $selText = str_replace('\\"', '"', $selText);
-
-        //remove additional backslash
-        $selText = str_replace("\\", "", $selText);
-    }
-    */
-
     if((int)$foretrans < 0 || (int)$foretrans > 100)
         $foretrans = 50;
 }

Modified: trunk/MgDev/Web/src/mapviewerphp/search.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/search.php	2023-05-26 14:10:00 UTC (rev 10051)
+++ trunk/MgDev/Web/src/mapviewerphp/search.php	2023-06-27 11:18:04 UTC (rev 10052)
@@ -80,24 +80,6 @@
         
         $userInput = str_replace("'", "''", $userInput);
 
-        //unescape strings
-        //
-        if(ini_get("magic_quotes_sybase") == "1")
-        {
-            $matchLabel = str_replace("''", "'", $matchLabel);
-            $filter = str_replace("''", "'", $filter);
-        }
-        else if(get_magic_quotes_gpc() == "1")
-        {
-            //Unescape single quotes
-            $filter = str_replace("\\'", "'", $filter);
-            //Unescape double quotes
-            $filter = str_replace('\\"', '"', $filter);
-
-            //remove additional backslash
-            $filter = str_replace("\\", "", $filter);
-        }
-
         //substitute the input tag with the actual user input to make up the filter
         $filter = str_replace('$USER_VARIABLE', $userInput, $filter);
 

Modified: trunk/MgDev/Web/src/mapviewerphp/selectwithin.php
===================================================================
--- trunk/MgDev/Web/src/mapviewerphp/selectwithin.php	2023-05-26 14:10:00 UTC (rev 10051)
+++ trunk/MgDev/Web/src/mapviewerphp/selectwithin.php	2023-06-27 11:18:04 UTC (rev 10052)
@@ -163,16 +163,6 @@
 
 function UnescapeMagicQuotes($str)
 {
-    if(ini_get("magic_quotes_sybase") == "1")
-        return str_replace("''", "'", $str);
-    else if(get_magic_quotes_gpc() == "1")
-    {
-        //Unescape double quotes
-        $str = str_replace('\\"', '"', $str);
-
-        //remove additional backslash
-        return str_replace("\\", "", $str);
-    }
     return $str;
 }

More information about the mapguide-commits mailing list