where should I turn off magic quotes?
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Intern
- Posts: 83
- Joined: Thu Apr 27, 2006 2:54 am
where should I turn off magic quotes?
after upgrading to 1011, i got this message:
PHP magic_quotes_gpc setting is `OFF` instead of `ON
Could somebody please point to me which file I should edit to turn it off?
Thanks
drb
PHP magic_quotes_gpc setting is `OFF` instead of `ON
Could somebody please point to me which file I should edit to turn it off?
Thanks
drb
- phoebe
- Joomla! Enthusiast
- Posts: 132
- Joined: Wed Mar 22, 2006 8:00 am
- Location: UK
- Contact:
Re: where should I turn off magic quotes?
This is in your php.ini file on your server. Depending on what set up you have, you may be able to edit it yourself, or have to ask your hoster to do it for you.
Phoebe
--
I'm not bossy, I just have better ideas.
--
I'm not bossy, I just have better ideas.
-
- Joomla! Intern
- Posts: 89
- Joined: Sat Jul 29, 2006 8:56 pm
Re: where should I turn off magic quotes?
Hello!
You are going to get shout on by the editors because its written on many posts how to turn it off...
(since its a important part of the security warnings of joomla 1.0.11)
I give you the source: (its the official sticky post on security)
http://forum.joomla.org/index.php/topic,93640.0.html
and the extract:
Magic Quotes
What does it do?
This function makes sure that all variables that are handed over to your database are getting escaped. This means that potential hacker attempts on your database through PHP scripts are prevented. This option should be turned ON!
How can I turn magic_quotes_gpc on?
Basically its the same as with register_globals, the only difference is, that you have to put the following line in your .htaccess:
Code:
php_flag magic_quotes_gpc on
And in the php.ini:
Code:
magic_quotes_gpc = on
else I give you the php source:
http://ch2.php.net/manual/en/security.m ... abling.php
If access to the server configuration is unavailable, use of .htaccess is also an option. For example:
php_flag magic_quotes_gpc Off
that will help!
You are going to get shout on by the editors because its written on many posts how to turn it off...
(since its a important part of the security warnings of joomla 1.0.11)
I give you the source: (its the official sticky post on security)
http://forum.joomla.org/index.php/topic,93640.0.html
and the extract:
Magic Quotes
What does it do?
This function makes sure that all variables that are handed over to your database are getting escaped. This means that potential hacker attempts on your database through PHP scripts are prevented. This option should be turned ON!
How can I turn magic_quotes_gpc on?
Basically its the same as with register_globals, the only difference is, that you have to put the following line in your .htaccess:
Code:
php_flag magic_quotes_gpc on
And in the php.ini:
Code:
magic_quotes_gpc = on
else I give you the php source:
http://ch2.php.net/manual/en/security.m ... abling.php
If access to the server configuration is unavailable, use of .htaccess is also an option. For example:
php_flag magic_quotes_gpc Off
that will help!
-
- Joomla! Intern
- Posts: 83
- Joined: Thu Apr 27, 2006 2:54 am
Re: where should I turn off magic quotes?
Thanks and sorry for asking such a redundant question. I am learning all these new stuff and my search capabilities in joomla.org weren't quite good enough to pull the answer and hence I posed the question.
Thanks so much again,
drb
Thanks so much again,
drb
- tj.baker
- Joomla! Enthusiast
- Posts: 231
- Joined: Tue Feb 14, 2006 6:23 am
Re: where should I turn off magic quotes?
I am totally confused on this issue, and I am going to write my confusion here instead of creating a new thread...... so someone please respond!
I thought that the recomendation is for magic quotes to be turned on??
If this is correct, and my host will not do it for me, how do I accomplish this?
I set the line (php_flag magic_quotes_gpc on) in .htaccess.... now what?
peace,
tj
I thought that the recomendation is for magic quotes to be turned on??
If this is correct, and my host will not do it for me, how do I accomplish this?
I set the line (php_flag magic_quotes_gpc on) in .htaccess.... now what?
peace,
tj
- Hackwar
- Joomla! Virtuoso
- Posts: 3788
- Joined: Fri Sep 16, 2005 8:41 pm
- Location: NRW - Germany
- Contact:
Re: where should I turn off magic quotes?
Please read this: http://forum.joomla.org/index.php/topic,93640.0.html
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.
Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
- tj.baker
- Joomla! Enthusiast
- Posts: 231
- Joined: Tue Feb 14, 2006 6:23 am
Re: where should I turn off magic quotes?
Thank you Hackwar,Hackwar wrote: Please read this: http://forum.joomla.org/index.php/topic,93640.0.html
I read everything, and followed the recomended steps for magic quotes, adding the line in .htaccess as well as php.ini.
I still get a message from J! that magic quotes is set to "off" and should be "on".
This is what my host recomends to turn it on:
"For that you would need to compile your own version of PHP, and thus
modify the php.ini file as needed. Here are instructions:
http://wiki.dreamhost.com/index.php/Installing_PHP5"
Am I going ot have to compile my own freakin' version of PHP on the server? If so, this is getting rediculous.... :P
I have enjoyed learning everything I have learned since discovering J!...... however, I do not currently have the time to spend on compiling PHP just to change one setting.....
I sure hope there's another solution....
Thanks for the help!
peace,
tj
- Hackwar
- Joomla! Virtuoso
- Posts: 3788
- Joined: Fri Sep 16, 2005 8:41 pm
- Location: NRW - Germany
- Contact:
Re: where should I turn off magic quotes?
You have basically three options:
1. Adjust the setting. When it does not work:
2. Change your hosting provider or
3. leave it as it is. When you've read my text, you know what MAgic Quotes is for and if you're lucky, your extensions are coded correctly. The risk thats coming with MQ turned off is acceptable. It would be a nice addition but its no 100% must.
1. Adjust the setting. When it does not work:
2. Change your hosting provider or
3. leave it as it is. When you've read my text, you know what MAgic Quotes is for and if you're lucky, your extensions are coded correctly. The risk thats coming with MQ turned off is acceptable. It would be a nice addition but its no 100% must.
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.
Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
- DesignGuy
- Joomla! Explorer
- Posts: 263
- Joined: Sat Sep 02, 2006 9:33 pm
- Location: Chicago, USA
- Contact:
Re: where should I turn off magic quotes?
I'll add that php 5.4.7 actually solves this issue, BUT make sure you're aware FIRST that if you change this setting at a server-level, and you have other domains on the server which are NOT being powered by Joomla! 3.x, they will be affected as well.
From personal experience (just tried it this morning, to see what would happen), sites powered by Joomla 2.5 are not compatible with php 5.4.7 in its default settings. You end up with one big mess. So, I reverted back to safer ground, running php 5.3.1.
Ah, the wonder of it all!
From personal experience (just tried it this morning, to see what would happen), sites powered by Joomla 2.5 are not compatible with php 5.4.7 in its default settings. You end up with one big mess. So, I reverted back to safer ground, running php 5.3.1.
Ah, the wonder of it all!
John Coonen
Host, CMS Expo Learning & Business Conference - http://CMSExpo.net
Managing Director, The CMS Connection - http://CMSConnection.com
Co-founder, JoomlaChicago
Host, CMS Expo Learning & Business Conference - http://CMSExpo.net
Managing Director, The CMS Connection - http://CMSConnection.com
Co-founder, JoomlaChicago
- DesignGuy
- Joomla! Explorer
- Posts: 263
- Joined: Sat Sep 02, 2006 9:33 pm
- Location: Chicago, USA
- Contact:
Re: where should I turn off magic quotes?
(removed)
Last edited by DesignGuy on Thu Oct 18, 2012 11:53 pm, edited 2 times in total.
John Coonen
Host, CMS Expo Learning & Business Conference - http://CMSExpo.net
Managing Director, The CMS Connection - http://CMSConnection.com
Co-founder, JoomlaChicago
Host, CMS Expo Learning & Business Conference - http://CMSExpo.net
Managing Director, The CMS Connection - http://CMSConnection.com
Co-founder, JoomlaChicago
- mandville
- Joomla! Master
- Posts: 15149
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: where should I turn off magic quotes?
Please post in the joomla forums this forums are for joomla 1.0 only
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Fledgling
- Posts: 3
- Joined: Sat May 25, 2013 5:46 am
Re: where should I turn off magic quotes?
I don't know how to turn off magic quotes...
but maybe this can help you to get rid of those problems...
but maybe this can help you to get rid of those problems...
3rdlion wrote:I decided to move this into its own thread. Hopefully this saves some other people time in getting their Joomla 3.0 site up and running.
Preamble
I've been seeing quite a few questions relating to Magic Quotes needing to be turned off in order to install Joomla 3.0 Many of the responses ask you to alter the php.ini or edit other high level server config.
All of this unnecessary server tinkering is just madness!
You can't even install Joomla 3.0 without turning off Magic Quotes.
And its these kind of UX blocks that put Joomla so far backwards it's not even funny.
In many cases altering php.ini is just not possible (shared hosting etc).
Magic Quotes Enable sites have existed no problem alongside Anti Magic Quotes sites, so what changed in Joomla 3.0? Why should you alter your server config?
With some careful editing, you can turn the clock back to the way things used to be and use Joomla 3.0 with Magic Quotes turned ON!
Here's how to do it:
PART 1
- Step 1 Download the latest Joomla 3.0
- Step 2 Extract the files on your server
- Step 3 Open your favourite PHP editor
- Step 4 Navigate and open installation/models/setup.php
- Step 5 Scroll down to find line 234
Code: Select all
// Check for magic quotes gpc. $option = new stdClass; $option->label = JText::_('INSTL_MAGIC_QUOTES_GPC'); $option->state = (ini_get('magic_quotes_gpc') == false); $option->notice = null; $options[] = $option;
Now you can install Joomla 3.0 no problem.
- Step 6 Comment out the code above and save the file
IMPORTANT
However, Magic Quotes and Joomla's new special character escaping will cause duplicate escaping when editing/creating content. This renders anything that's not plain text incorrectly. So, we need to add one small condition to the core (this used to exist pre Joomla 3.0)
PART 2
- Step 1 Navigate and open libraries/joomla/filter/input.php
- Step 2 Scroll down to find line 261
Code: Select all
public function clean($source, $type = 'string') { // Handle the type constraint switch (strtoupper($type)) {... } // -- ADD THIS CODE HERE // Handle magic quotes compatibility if(get_magic_quotes_gpc()) $result = self::_stripSlashesRecursive($result); }
- Step 3 Add the code marked above to the clean function
- Step 4 You may have noticed we're only running this when Magic Quotes is set to ON and referring to a new function called _stripSlashesRecursive. Now, we need to add that function to the class.
Scroll to line 755 and add the following function:If you want to learn about why Joomla is trying to force us to disable Magic Quotes then check out this link:Code: Select all
/** * Strips slashes recursively on an array. * * @param array $value Array or (nested arrays) of strings. * * @return array The input array with stripslashes applied to it. * * @deprecated 12.1 - Sanctioned on 2012-10-09 thanks to Anton Wintergerst * @since 11.1 */ protected static function _stripSlashesRecursive($value) { $value = is_array($value) ? array_map(array('JFilterInput', '_stripSlashesRecursive'), $value) : stripslashes($value); return $value; }
http://www.php.net/manual/en/security.m ... whynot.php
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Feb 23, 2007 8:03 pm
Re: where should I turn off magic quotes?
None of this work for me. And this is taking so much effort for a noob like me. Joomla shouldn't release this fail 3.0 version.