/include/mysql.php db_output() incorrectly uses get_magic_quotes_runtime()

This causes spurious slashes to appear in displayed data on forms if your site has magic quotes off.

| Field | Value |
|---|---|
| Category | Unknown |
| Affected Version | 1.6 rc5 |
| Priority | 5 - Medium |
| Status | Fixed |
| Fixed Version | 1.6 Stable |
| Submitted | 09-26-2009 |

The problem is that in /include/mysql.php the function db_input() calls db_real_escape(), which uses mysql_real_escape_string() (and only strips slashes if get_magic_quotes_runtime()), whereas db_output() doesn't do anything if get_magic_quotes_runtime() is off.
This means that db_output() isn't a correct opposite of db_input() because you only need to check get_magic_quotes_runtime() before you call mysql_real_escape_string() (which then adds slashes to certain stuff), whereas if you want to undo what mysql_real_escape_string() does then you do not need to check get_magic_quotes_runtime() but just go ahead and strip the slashes that mysql_real_escape_string() stuck in. Thus in /includes/mysql.php in the function db_output on line 31 remove the two lines:
PHP Code:

Thank you! I did see spurious slashes and had no idea why.
Please note that get_magic_quotes_runtime() etc. is deprecated in PHP 5.3+ anyway, see http://www.php.net/manual/en/info.co...quotes-runtime and osTicket bug report 170.