Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
  www.smarty.net   •  phpinsider.com  •  Forum Index  •  FAQ  •  Search  •  Memberlist  •  Profile  •  Log in to check your private messages  •  Register  •  Log in
Smarty not Working when Magic_Quotes is ON

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Bugs
View previous topic :: View next topic  
Author Message
ivenms
Smarty n00b


Joined: 15 Jan 2010
Posts: 2
PostPosted: Fri Jan 15, 2010 6:27 am    Post subject: Smarty not Working when Magic_Quotes is ON Reply with quote
I am very frustrated and looking for a solusion. On my server, the magic_quotes is on and I can't switch it off because of security reasons. But the smarty templates are not working at all.

I tried with all versions (Including Beta and Stabe) and also search for a fix for this problem. But not found any result for this problem. To work smarty successfully, I need to eliminate all quotes inside smarty code, which is not possible.

Codes like: {if $var_name eq 'sont string'} also gives me error. Any single quotes or double quotes inside "{" and "}" were actually replaced with a slash in front of it on compilation and that results a smarty trigerred error. I don't know how this is happened.

An error generated by one of my page is:
Code:

Fatal error: Smarty error: [in header.tpl line 81]: syntax error: unidentified token '\'tractor\'' (Smarty_Compiler.class.php, line 1410) in /home/bellou_gr/public_html/libs/Smarty.class.php on line 1112

I need a quick solution for this and hopping to get is as soon as possible.
_________________
Web 3 Links: http://w3l.us
WebMasters Forums
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
PostPosted: Fri Jan 15, 2010 2:14 pm    Post subject: Reply with quote
magic quotes is solving a problem the wrong way. It is evil and should be disabled. If you can't disable for security reasons, you have bigger problems, find a new host. magic quotes are deprecated and remove entirely from PHP 6.0, so I'd look for a way to get rid of them.

There is a hack on this page to undo them, but this is inefficient.

http://php.net/manual/en/security.magicquotes.disabling.php
Back to top
View user's profile Send private message Visit poster's website
ivenms
Smarty n00b


Joined: 15 Jan 2010
Posts: 2
PostPosted: Sat Jan 16, 2010 6:53 am    Post subject: Reply with quote
Thanks for the rel\ply. I tried that technique already and it is not working for smarty.

I can't change the magic_quotes_runtime to OFF because I am working for my client and the client doesn't want to off that feature.

I am looking for a hack in smarty which is helpful to the users experiencing similar problems.

May be just a stripslashes before taking the tokens. I don't know the internal structure of smarty. So any one who know smarty better can made a hack which is helpful for many users similar to me.

Thanks in advance.
_________________
Web 3 Links: http://w3l.us
WebMasters Forums
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany
PostPosted: Fri Mar 19, 2010 10:22 am    Post subject: Reply with quote
ivenms wrote:
I can't change the magic_quotes_runtime to OFF because I am working for my client and the client doesn't want to off that feature.


Then try to get another client. SCNR.

magic_quotes_runtime is so epically broken that if your client insists on it and thinks that it may raise security it is a clear sign that your client does not have the slightest clue what magic_quotes_runtime is.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
SLX
Smarty Rookie


Joined: 19 Nov 2009
Posts: 11
Location: Wroclaw, Poland
PostPosted: Tue Nov 02, 2010 12:50 pm    Post subject: Reply with quote
magicquotes are evil, I also dissuade using this bad feature. If you cannot disabling it, you must manually remove quotes from POST, GET and COOKIE variables (do not forget about subarrays) somewhere in the beginning of your code. This is of course some inefficient. You can reuse my old code:
Code:
class TSys
   {
   public static function AutoUnmagicQuotes()
      {
      set_magic_quotes_runtime(0);
      if(!get_magic_quotes_gpc()) return;
      if(isset($_POST)) TSys::_UnmagicQuotes($_POST);
      if(isset($_GET)) TSys::_UnmagicQuotes($_GET);
      if(isset($_COOKIES)) TSys::_UnmagicQuotes($_COOKIES);
      }



   private static function _UnmagicQuotes(&$aArray)
      {
      if(is_array($aArray))
        {
        foreach($aArray as $Key=>$Value)
          {
          TSys::_UnmagicQuotes($aArray[$Key]);
          }
        }
      else
        {
        $aArray = stripslashes($aArray);
         }
      }


I didn't tested this very hardly, possibly has some bugs. Consider persuasion on your client to change his mind. You will have more troubles with magicquotes and any real security advantages.
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Bugs All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP