Arnulf Christl wrote:
On Mon, June 15, 2009 10:53, Christoph Baudson wrote:
Astrid Emde (WhereGroup) wrote:

On Thu, February 26, 2009 11:51 am, Christoph Baudson wrote:


Hello,


Mapbender is not very decisive whether to use stripslashes on request
parameters or not. We seem to be indecisive whether we assume
magic_quotes_gpc to be on or off (it is on by default).

I suggest we add something like this to globalSettings.php


if (get_magic_quotes_gpc() === 1) {
    // array_map() returns the stripped values; array_walk() would discard them
    $_POST = array_map('stripslashes', $_POST);
    $_GET = array_map('stripslashes', $_GET);
}


By this, all input would be properly prepared, and no stripslashing
would have to occur.

What do you think?


Christoph


Hello Christoph,


this idea sounds reasonable to me.

astrid

(I have just stumbled over this issue again, which resulted in another
wasted hour. I should have made a motion the first time around.)

I motion to add the code snippet


if (get_magic_quotes_gpc() === 1) {
    // array_map() returns the stripped values; array_walk() would discard them
    $_POST = array_map('stripslashes', $_POST);
    $_GET = array_map('stripslashes', $_GET);
}



to globalSettings.php, so it will automatically be executed in every
module. I volunteer to search for every occurrence of stripslashes in
Mapbender, and remove it where appropriate.


(Maybe this is something that can be done in Bolsena.)


Please second and vote.

Seconded by Arnulf

Vote: +1


Motion carried.

However, the code has been altered a bit for security reasons (the code snippet above is recursive).

http://pastebin.org/24512

There is no need to use stripslashes on request data!

Christoph




Best regards,
Arnulf

Christoph


_______________________________________________
Mapbender_dev mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapbender_dev


--
_______________________________________

W h e r e G r o u p GmbH & Co. KG

Siemensstraße 8
53121 Bonn
Germany

Christoph Baudson
Application Developer

Phone: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
[email protected]
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________

General partner:
WhereGroup Verwaltungs GmbH
represented by: Olaf Knopp, Peter Stamm
_______________________________________
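
Added example (not part of the thread, and not the code behind the pastebin link): one way to undo magic_quotes_gpc escaping recursively in a single central place, so that nested request arrays are covered as well. The function names and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; helper names are hypothetical, not Mapbender's own.

/**
 * Recursively undo magic_quotes_gpc escaping on a request value.
 * Covers nested arrays such as those produced by "layers[]=a&layers[]=b".
 * Only values are processed; array keys are left untouched.
 */
function request_strip_slashes_deep($value)
{
    if (is_array($value)) {
        return array_map('request_strip_slashes_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/**
 * Normalize $_GET and $_POST once, and only when magic quotes are active.
 * Returns true if the request data was changed.
 */
function normalize_request_slashes()
{
    // get_magic_quotes_gpc() is deprecated in PHP 7.4 and removed in PHP 8.0,
    // so check that it exists before calling it.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return false;
    }
    $_GET  = request_strip_slashes_deep($_GET);
    $_POST = request_strip_slashes_deep($_POST);
    return true;
}

// Constructed sample input, as it would arrive with magic_quotes_gpc on.
$sample = array(
    'title'  => 'O\\\'Reilly',                      // arrives as O\'Reilly
    'layers' => array('a\\"b', array('c\\\\d')),   // a\"b and c\\d
);

// Values come back as O'Reilly, a"b and c\d at every nesting level.
var_dump(request_strip_slashes_deep($sample));
```

Calling stripslashes again in a module after this central pass would remove backslashes the user actually typed, which is why the per-module calls have to go once the central step is in place.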

