
Archived ⇒ IMPORTANT NOTE


As of today the CVS has had a huge change.
Due to different handling of addslashes, stripslashes, magic_quotes and magic_quotes_sybase we had to rewrite the Fix_Quotes system because it always gave errors.

Now all $_GET, $_POST and $_FILES are stripped of slashes.

There is a security risk involved but the SQL handler should trace the bugs nicely.

However, to avoid errors we use Fix_Quotes() everywhere, and that is done in the forums as well.
So should you, and please report any issues found with the new system in THIS THREAD.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


Hmm, let me explain this a bit more:

Say you have a single and double quote: "can't" be

Now when magic_quotes is on, this value is: "can\'t" be

When sybase is on, the slashes are ignored: "can''t" be <= note the 2 single quotes

Now addslashes and stripslashes work properly, removing the \ or the '

But now you're gonna run a query: "SELECT * FROM cms_users WHERE username='it''sme'"
Between the "t" and the "s" are 2 single quotes and MySQL dies.

Fix_Quotes did the stripslashes and then mysql_escape_string to get it properly working.

But now the other error, which Fix_Quotes() was causing due to the above.
Say you have a string "Thanks for visiting\r\nClick here"
Insert that in the DB using Fix_Quotes and you get: "Thanks for visitingrnClick here"
You see the linebreak is gone.

So now we run the whole system without slashes, and on insertion Fix_Quotes prepares the string nicely for the database.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
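
The double-unescape problem described in the two posts above, as an added example that is not part of the original thread and is not Dragonfly's Fix_Quotes(): input is unquoted exactly once according to the mode that quoted it, and quoting for SQL happens only at insertion. Function names are hypothetical, the magic_quotes modes are simulated because those settings no longer exist in current PHP, and bound PDO parameters on an in-memory SQLite database (assumes pdo_sqlite) stand in for escaping at insertion.

```php
<?php
// Added illustration; function names are hypothetical, not Dragonfly's Fix_Quotes().

// Constructed stand-ins for what each server setting did to request data.
function gpc_off(string $s): string    { return $s; }                          // magic_quotes_gpc off
function gpc_magic(string $s): string  { return addslashes($s); }              // magic_quotes_gpc on
function gpc_sybase(string $s): string { return str_replace("'", "''", $s); }  // magic_quotes_sybase on

// Old approach as described in the thread: stripslashes no matter the mode.
function blind_strip(string $s): string { return stripslashes($s); }

// Undo the quoting exactly once, according to the mode that added it.
function normalize_input(string $s, string $mode): string {
    switch ($mode) {
        case 'magic':  return stripslashes($s);
        case 'sybase': return str_replace("''", "'", $s);
        default:       return $s;   // nothing was added, so nothing is removed
    }
}

// Constructed sample: quotes plus a literal backslash-r backslash-n typed by the user.
$typed = '"can\'t" be\r\nClick here';

// Bound parameters stand in for escaping at insertion (assumes pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE msg (mode TEXT PRIMARY KEY, body TEXT)');
$insert = $db->prepare('INSERT INTO msg (mode, body) VALUES (?, ?)');
$select = $db->prepare('SELECT body FROM msg WHERE mode = ?');

foreach (['off' => 'gpc_off', 'magic' => 'gpc_magic', 'sybase' => 'gpc_sybase'] as $mode => $simulate) {
    $received = $simulate($typed);              // what PHP would hand to the script
    $clean    = normalize_input($received, $mode);

    $insert->execute([$mode, $clean]);          // the driver handles quoting here
    $select->execute([$mode]);
    $stored = $select->fetchColumn();

    printf("%-6s received: %s\n", $mode, $received);
    printf("       blind stripslashes: %s (%s)\n", blind_strip($received),
        blind_strip($received) === $typed ? 'intact' : 'DAMAGED');
    printf("       normalize + bind:   %s (%s)\n\n", $stored,
        $stored === $typed ? 'intact' : 'DAMAGED');
}
```

Only the simulated magic_quotes_gpc input survives the blind stripslashes; in the other two modes the literal backslashes are eaten, which is the "visitingrnClick" result from the post.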


I'm still fuzzy on this, but let me reread it a few more times; it will sink in.

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2
