|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
ivenms Smarty n00b
Joined: 15 Jan 2010 Posts: 2
|
Posted: Fri Jan 15, 2010 6:27 am Post subject: Smarty not Working when Magic_Quotes is ON |
|
|
I am very frustrated and looking for a solusion. On my server, the magic_quotes is on and I can't switch it off because of security reasons. But the smarty templates are not working at all.
I tried with all versions (Including Beta and Stabe) and also search for a fix for this problem. But not found any result for this problem. To work smarty successfully, I need to eliminate all quotes inside smarty code, which is not possible.
Codes like: {if $var_name eq 'sont string'} also gives me error. Any single quotes or double quotes inside "{" and "}" were actually replaced with a slash in front of it on compilation and that results a smarty trigerred error. I don't know how this is happened.
An error generated by one of my page is:
Code: |
Fatal error: Smarty error: [in header.tpl line 81]: syntax error: unidentified token '\'tractor\'' (Smarty_Compiler.class.php, line 1410) in /home/bellou_gr/public_html/libs/Smarty.class.php on line 1112
|
I need a quick solution for this and hopping to get is as soon as possible. _________________ Web 3 Links: http://w3l.us
WebMasters Forums |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri Jan 15, 2010 2:14 pm Post subject: |
|
|
magic quotes is solving a problem the wrong way. It is evil and should be disabled. If you can't disable for security reasons, you have bigger problems, find a new host. magic quotes are deprecated and remove entirely from PHP 6.0, so I'd look for a way to get rid of them.
There is a hack on this page to undo them, but this is inefficient.
http://php.net/manual/en/security.magicquotes.disabling.php |
|
Back to top |
|
ivenms Smarty n00b
Joined: 15 Jan 2010 Posts: 2
|
Posted: Sat Jan 16, 2010 6:53 am Post subject: |
|
|
Thanks for the rel\ply. I tried that technique already and it is not working for smarty.
I can't change the magic_quotes_runtime to OFF because I am working for my client and the client doesn't want to off that feature.
I am looking for a hack in smarty which is helpful to the users experiencing similar problems.
May be just a stripslashes before taking the tokens. I don't know the internal structure of smarty. So any one who know smarty better can made a hack which is helpful for many users similar to me.
Thanks in advance. _________________ Web 3 Links: http://w3l.us
WebMasters Forums |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Fri Mar 19, 2010 10:22 am Post subject: |
|
|
ivenms wrote: | I can't change the magic_quotes_runtime to OFF because I am working for my client and the client doesn't want to off that feature.
|
Then try to get another client. SCNR.
magic_quotes_runtime is so epically broken that if your client insists on it and thinks that it may raise security it is a clear sign that your client does not have the slightest clue what magic_quotes_runtime is. |
|
Back to top |
|
SLX Smarty Rookie
Joined: 19 Nov 2009 Posts: 11 Location: Wroclaw, Poland
|
Posted: Tue Nov 02, 2010 12:50 pm Post subject: |
|
|
magicquotes are evil, I also dissuade using this bad feature. If you cannot disabling it, you must manually remove quotes from POST, GET and COOKIE variables (do not forget about subarrays) somewhere in the beginning of your code. This is of course some inefficient. You can reuse my old code:
Code: | class TSys
{
public static function AutoUnmagicQuotes()
{
set_magic_quotes_runtime(0);
if(!get_magic_quotes_gpc()) return;
if(isset($_POST)) TSys::_UnmagicQuotes($_POST);
if(isset($_GET)) TSys::_UnmagicQuotes($_GET);
if(isset($_COOKIES)) TSys::_UnmagicQuotes($_COOKIES);
}
private static function _UnmagicQuotes(&$aArray)
{
if(is_array($aArray))
{
foreach($aArray as $Key=>$Value)
{
TSys::_UnmagicQuotes($aArray[$Key]);
}
}
else
{
$aArray = stripslashes($aArray);
}
}
|
I didn't tested this very hardly, possibly has some bugs. Consider persuasion on your client to change his mind. You will have more troubles with magicquotes and any real security advantages. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|