#59 ✓resolved
Joshua Paine

recess tools should handle magic_quotes

Reported by Joshua Paine | January 29th, 2009 @ 02:03 PM | in 0.12

I accidentally had magic_quotes_gpc on. And I used a ' in my app name. I ended up with a multiplication of backslashes, and the line in the controller looked (invalidly) like this:

$this->name = 'Foo\\'s Bar';

Similar stuff in the generated views, though those just look bad and don't cause a crash. magic_quotes is a huge misfeature, but recess should at least warn about it if not actually work around it. (Working around would be better.)

Comments and changes to this ticket

  • Joshua Paine

    Joshua Paine January 29th, 2009 @ 02:04 PM

    Ironically, lighthouse seems to have some kind of escaping issue as well, since in my submission there were four backslashes in a row, not two.

  • Kris Jordan

    Kris Jordan February 4th, 2009 @ 06:00 PM

    • Tag set to magic, quotes
    • State changed from “new” to “open”

    Need to spend some quality time with magic_quotes turned back on and identify the best path forward for addressing this at the framework level.

    Thanks for the report! Leaving this ticket open for the time being.

  • Kris Jordan

    Kris Jordan March 30th, 2009 @ 09:52 PM

    • Milestone changed from 0.11.1 to 0.12
    • State changed from “open” to “hold”

    I believe this is fixed in a commit you made, Joshua, with changes to the htaccess file. Can you comment?

  • Joshua Paine

    Joshua Paine March 30th, 2009 @ 10:31 PM

    The htaccess change fixes it for people running with PHP as an apache module if their server config lets them change PHP settings that way. Some shared hosts (e.g., Bluehost) do PHP as a [Fast]CGI or even suexec, and probably some do the module but don't allow settings that way.

    Tools could have some code that checks whether magic quotes is enabled and then 1) un-magic-quotes the input arrays 2) puts a banner at the top of the screen warning that magic quotes shouldn't be on (up to user to config correctly) 3) both

    Also a question of whether the framework should instead do (1) for all apps.

  • Kris Jordan

    Kris Jordan March 30th, 2009 @ 10:48 PM

    • State changed from “hold” to “open”

    Thanks for the clarification. Breaking this ticket in two. This ticket will remain in the 0.12 release and provide the stopgap #2 you've highlighted.

    Creating a new ticket for 0.20 to address magic quotes correctly in tools and the framework. Also going to send out an e-mail to the discussion group to discuss framework-level magic quotes support.

  • Kris Jordan

    Kris Jordan March 31st, 2009 @ 03:18 PM

    • State changed from “open” to “resolved”

    Resolved with commit 0067cc7.

    Added warning to Recess Tools. Also gained insight on how to handle this at the framework level from the official word on PHP.net:

    http://us3.php.net/manual/en/sec...

    A workaround at the framework level (that is viciously slow) can be found here: http://us3.php.net/manual/en/sec...

  • Kris Jordan

    Kris Jordan March 31st, 2009 @ 03:26 PM

    Also I've removed the random quotes. Just for you, Joshua :)
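
The stopgap outlined in the March 30th comment above (detect magic quotes, un-quote the input arrays, show a warning), as an added PHP example that is not Recess code and not the contents of commit 0067cc7. The function names are hypothetical, and it assumes plain backslash quoting (magic_quotes_sybase off).

```php
<?php
// Added example: hypothetical helpers, not part of Recess or its commits.

// magic_quotes_gpc was removed in PHP 5.4 and its getter in PHP 8, so guard
// the call; "@" hides the PHP 7.4 deprecation notice.
function magic_quotes_active() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo the backslashes magic quotes added, in keys as well as values.
// Assumes magic_quotes_sybase is off (plain backslash quoting).
function unquote_input($data) {
    if (!is_array($data)) {
        return is_string($data) ? stripslashes($data) : $data;
    }
    $clean = array();
    foreach ($data as $key => $value) {
        $key = is_string($key) ? stripslashes($key) : $key;
        $clean[$key] = unquote_input($value);
    }
    return $clean;
}

// Options 1 and 2 from the ticket: clean the input arrays and return banner
// text for the tools UI. Call once per request: a second pass would eat
// backslashes the user really typed.
function handle_magic_quotes() {
    if (!magic_quotes_active()) {
        return '';
    }
    $_GET     = unquote_input($_GET);
    $_POST    = unquote_input($_POST);
    $_COOKIE  = unquote_input($_COOKIE);
    $_REQUEST = unquote_input($_REQUEST);
    return 'Warning: magic_quotes_gpc is on. Disable it in your PHP configuration.';
}

// Constructed sample: what magic quotes would hand the tools for "Foo's Bar".
$quoted = array('appName' => 'Foo\\\'s Bar', 'tags' => array('it\\\'s'));
$clean  = unquote_input($quoted);

// When writing generated source, let var_export() build the string literal
// so the output stays valid PHP whatever characters the name contains.
echo '$this->name = ' . var_export($clean['appName'], true) . ";\n";
echo handle_magic_quotes() . "\n";
```

Escaping at the point where the generated file is written, rather than trusting whatever quoting the input arrived with, keeps the controller valid whether or not the host has magic quotes enabled.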


The Recess PHP Framework is an open source, full stack, RESTful PHP framework.

http://www.recessframework.org/
