Comments (5)
Thanks for the report, although I don't see this information anywhere in the
docs.
Anyway, if you have an idea how to work around that without breaking
compatibility with older versions (and bad server setups), please tell me.
Otherwise I'll have to look for it myself.
Original comment by [email protected]
on 3 Oct 2011 at 10:24
- Changed state: Accepted
from lightopenid.
Hi, I have just removed the verification in this line and I use directly the
function stripslashes($value), without executing getmagic_quotes_gpc().
I'm not sure about the impact of this change in previous versions, but as far
as I know that function is also deprecated in php 5.3
Original comment by [email protected]
on 3 Oct 2011 at 10:48
from lightopenid.
This isn't a good general solution.
For example, a string: $str = 'asd\f';
Without magic quotes: stripslashes($str) == 'asdf'
With magic quotes: stripslashes($str) == 'asd\f'
Why? Because magic quotes would make the string 'asd\\f' (if it came from GET,
or something, of course).
So if I wanted to do something like this, I'd just remove the whole block.
I'd rather look for a general solution before doing it.
Also, magic_quotes are deprecated since php 5.3, but get_magic_quotes_gpc is
not, as it has to be used in order to maintain backwards compatibility. At
least that's how I understand the php.net docs (it isn't stated anywhere that
get_magic_quotes_gpc is deprecated).
Original comment by [email protected]
on 3 Oct 2011 at 1:18
from lightopenid.
You can use the filter extension (http://php.net/filter) which takes into
consideration magic quotes when filtering variables from GET and POST.
Instead of:
$this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
Do:
$this->data = filter_input_array($_SERVER['REQUEST_METHOD'] === 'POST' ?
INPUT_POST : INPUT_GET, FILTER_UNSAFE_RAW);
Original comment by malterisio777
on 7 Oct 2011 at 7:19
from lightopenid.
Original comment by [email protected]
on 9 Oct 2011 at 9:32
- Changed state: Fixed
from lightopenid.
Related Issues (20)
- version 0.5 example works but not version 0.6 HOT 3
- Ax/SReg Params may be unsigned
- LightOpenId constructor fails when trusted root URL is less than 8 chars
- Problem with curl request on a server
- Missing: A License File HOT 2
- add composer support HOT 1
- wrong mimetype check in openid.php ? HOT 3
- Use Steam as provider HOT 1
- #-comments HOT 6
- returning clamed_id is a wrong approach HOT 5
- magic get/set methods HOT 3
- LightOpenID magic properties do not work with Twig template engine due to lack of __isset
- New release HOT 1
- keep waiting for localhost HOT 2
- Validation fails when there are accent in the required variable HOT 2
- Yahoo OpenID not working on newer versions of PHP/cURL [patch proposed]
- The regular expressions in htmlTag parse some valid responses incorrectly
- Support for OpenID Connect? HOT 1
- How to select eid applet language ?
- Unregistered domain error HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lightopenid.