Friday, April 30, 2010

zikula error PHP 'magic_quotes_gpc' setting is ON, but should be OFF.

You should, however, replace it with an appropriate php.ini file. Contact your hosting provider for information on using php.ini to disable register_globals and magic_quotes_gpc
http://community.zikula.org/index.php?module=Wiki&tag=UpgradingZikula764


If the directive magic_quotes_sybase is ON it will completely override magic_quotes_gpc. So even when get_magic_quotes_gpc() returns TRUE neither double quotes, backslashes or NUL's will be escaped. Only single quotes will be escaped. In this case they'll look like: ''
http://www.php.net/manual/en/function.get-magic-quotes-gpc.php

http://www.php.net/manual/en/security.magicquotes.php
Warning

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

An example that sets the value of these directives to Off in php.ini. For additional details, read the manual section titled How to change configuration settings.

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

http://www.php.net/manual/en/security.magicquotes.disabling.php

summary no solution on zikula help forums or anywhere else . and as this is on shared posting php.ini is not visible to the user .

Other Places to Go

reinstalling to the latest version of zikula seems to have solved the issue?(hopefully)

NO f** luck :(

Security analyser warnings

  • Configuration file 'config/config.php' is writeable, but should be read-only (644 or 444).
  • PHP 'magic_quotes_gpc' setting is ON, but should be OFF.

{if
$notices.security.magic_quotes_gpc or
$notices.security.register_globals or
$notices.security.config_php or
!$notices.security.temp_htaccess or
!$notices.security.useids or
!$notices.security.scactive or
(!$notices.security.useids and
$notices.security.scactive)}


http://code.zikula.org/core/changeset/232/

An example that sets the value of these directives to Off in php.ini. For additional details, read the manual section titled How to change configuration settings.

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

If access to the server configuration is unavailable, use of .htaccess is also an option. For example:

php_flag magic_quotes_gpc Off


http://us.php.net/manual/en/security.magicquotes.disabling.php

http://www.siteground.com/tutorials/zikula/zikula_installation.htm

created a .htaccess files and uploaded it with
php_flag magic_quotes_gpc Off

this gives a error 500 Internal Server Error

you could probably create a second php.ini file inside your AutoTheme folder that would undo what you did in the first php.ini file.
http://community.zikula.org/module-Forum-viewtopic-topic-53791-start-15.htm

No comments:

Post a Comment