Forums | Mahara Community

Support /
magic_quotes_gpc


Conrad Lienhardt's profile picture
Posts: 127

24 June 2011, 3:46

Hello,

magic_quotes_gpc is on and now I get the warning, that this is dangerous and I should set it off.

When setting off, several other applications starts warning me, that magic_quotes_gpc off is a huge security whole.

So; this sets my dilemma.

I always thought, that magic_quotes_gpc off  is risky.

Setting the values via .htaccess is not possible. This generats a 500 Error. So there is no chance to set different values to different applictions within the same webaccount.

Now; how great is the security risk by stetting magic_quotes_gpc to off concerning Mahara?
And does the value "on "cause" functional problems - besides security risks ?

Thanks and Regards,
Conrad

PS: Using Mahara 1.4; PHP 5.2.16; MySQL 5.1.52

anonymous profile picture
Account deleted
Posts: 12

24 June 2011, 5:52

Hi Conrad, I am a newbie here, and my opinion may be worthless as such, and the only reason I am responding is that the dog is not annoying me, the kids are all quiet and I saw your post and thought here was a chance to maybe contribute. Whatever, and I hope this is worth something to you. It is my understanding that magic quotes were used to get around some pretty dodgy coding practices in the early days of PHP. That they are still supported in PHP is probably more a testament to social inertia than anything else. It has been recommended in other PHP apps I use to make sure these are set to off - as they may represent a risk. Well, there would if there was some poor code floating in an app, then the code needs to be exposed. In the other hand, it may just be that Magic quotes are useful only for scripts written in Windows Notepad, and not a UTF-8 compliant text editor.  

Conrad Lienhardt's profile picture
Posts: 127

24 June 2011, 8:34

Hi Henry,

thanks for your reply and advice.  When I correctly understand it you think that nowadys magic_quotes_gpc aren't really necessary, because coding has meliorated.  On the other hand I am using an application (Joomla stable 2008) that recommends "on" (may be of unclean codes).

May I say: If "on" that doesn't harm, but if "off"that may be dangerous using applications coded away back?

Regards,
Conrad

Hope, your dog is keeping not annoying you und the kids keep quiet  ;-)

3 results