magic quotes

[adicrst]

Does it affect smf if i turn off from php.ini the magic_quotes ?

right now it's like this
magic_quotes_gpc   On   On
magic_quotes_runtime   Off   Off
magic_quotes_sybase   Off   Off

would there be a problem ?

[adicrst]

also, will it affect smf if allow_url_fopen are off ?

[ccbtimewiz]

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. Identical to what addslashes() does.

Is there a particular reason to why you want to disable it?

[adicrst]

security reason
http://www.php.net/magic_quotes

[Jade Elizabeth]

http://docs.simplemachines.org/index.php?topic=9.0

Woot, Documentation ROCKS!!!

[adicrst]

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. Identical to what addslashes() does.

Is there a particular reason to why you want to disable it?

the thing is that if i made a script and use mysql_real_escape_string() the data is inserted into DB with the backslash (ex: adi\'s) and then i have to use stripslashes(). That wouldn't be a problem, but i don't like the data being with backslashes in DB. And on the server i also host a smf, so i was wondering if it affects it

http://docs.simplemachines.org/index.php?topic=9.0

Woot, Documentation ROCKS!!!

it sais about magic_quotes_sybase being off, so i guess the magic_quotes_gpc doesn't really mater

[Jade Elizabeth]

If it's not in the recommendations, I HIGHLY doubt it matters, unless someone missed it .

[adicrst]

neeh, smf is serious business so i doubt that the doc isn't accurate

[ccbtimewiz]

It's only required in PHP versions less than 5.

[GoinNutz]

Due to the fact that magic_quotes is becoming deprecated / removed in PHP 6, we decided to see what would happen if we turned off magic_quotes_gpc on our server (which is currently running PHP 5).

Right away we discovered a problem - if there is an apostrophe in the name of the forum, the forum won't load and you'll just get "unexpected T_STRING" error in Settings.php until you remove the apostrophe.

So for example, a forum named "Joe's Forum" in Settings.php will just get the T_STRING error until either the apostrophe is removed or magic_quotes_gpc is turned back on in PHP. (Yes, even in PHP 5, which is what is running on our server).

I think this is going to become a significant issue for a lot of scripts, developers, and webmasters alike when hosts start upgrading to PHP 6 and magic quotes feature is gone completely.

[Sarge]

Right away we discovered a problem - if there is an apostrophe in the name of the forum, the forum won't load and you'll just get "unexpected T_STRING" error in Settings.php until you remove the apostrophe.

You don't need to remove the apostrophe -- just escape it (add a backslash in front of it) in Settings.php.

The error should look like this:

Code Select Expand


Parse error: syntax error, unexpected T_STRING in [path_to_smf]/Settings.php on line 32


How did you change your forum name? Via Admin > Server Settings or by modifying Settings.php manually?

What SMF version are you using?

magic_quotes_gpc, _runtime and _sybase are off on my localhost server and my test forum is on SMF 1.1.7. I inserted an apostrophe in the forum name via Admin > Server Settings and the error didn't occur. All apostrophes in the forum name were escaped. (I also tried with the Maintenance Mode title and message.)

The error was triggered only when I edited Settings.php and removed the \ (backslash) in front of apostrophe(s) manually. It doesn't matter whether magic_quotes_gpc is on or off, the error is always triggered if there are unescaped apostrophes in the forum name (or maintenance mode title or message) in Settings.php.

I also inserted an apostrophe in the forum name with magic_quotes_gpc turned on, and then I turned it off -- still no error.

Can you post a step-by-step list of changes so that we can try to reproduce the issue?

[GoinNutz]

Thanks for the input Sarge, your question about how we named the forum just made me think of something that might be a factor.

The one particular forum I was using as my example was installed from Fantastico and so that was where it was initially named - in the installation form that you fill out in the Fantastico interface. (I prefer manual installs, but I'm working with several other people on various boards and some want to go the Fantastico route for supposed ease, and in certain situations I have to play along).

Makes me wonder if that is part of the problem, but the problem didn't start until we upgraded. The inital install was SMF 1.1.5 and when we upgraded to 1.1.6 the error happened, and since we couldn't access admin we removed the apostrophe manually. Then when we upgraded to 1.1.7 the same thing occurred.

As soon as I get a chance I'm goint to do a couple of test board installs - one from Fantastico, and one manually straight from the files right in the download section here on the SMF site, and see what happens from there when using 's in the names and changing them straight from the admin panel. Might have to wait for the next version to reach any conclusions though.

In any case, it's encouraging to hear that the problem was only triggered when you edited Settings.php manually, and not when you edited the name from the admin interface.

[Sarge]

You can download the SMF 1.1.6 Full Install package straight from the Archived releases page. Just be sure to either update it to SMF 1.1.7 or delete it after testing.

Are you using UTF-8 in your SMF installs? Is the forum name in UTF-8 (basically, is it using any non-English characters and/or symbols)?

Was the forum updated via Fantastico, or directly from SMF Admin?

As I mentioned before, you don't have to remove the ' (apostrophe); you can simply escape it -- that is, add a \ (backslash) in front of every apostrophe in the forum name in Settings.php. So, this:

Code Select Expand


$mbname = 'Joe's Forum';


should be:

Code Select Expand


$mbname = 'Joe\'s Forum';


in Settings.php.

[GoinNutz]

Thanks again for the reply Sarge, I have some info that might be of interest or note.

To answer two of your questions, no I'm not using any non-English characters and typically just want a standard English install, and the upgrades / updates were done from within Fantastico.

I haven't done the manual install / test yet, but I did just do a fresh test 1.1.7 install from Fantastico and here are the first 3 significant relevant things I see:

1. In the field where Fantastico asks you to enter the name of your forum, I entered "Joe's Forum" (without the quotes of course), and guess what - it automatically chopped off everything after the apostrophe, so the name at the top of the test forum is just "Joe".

2. When I log into the admin section and examine Server Settings, by default Fantastico has the permissions set un-writeable (IE: I'd need to manually chomod Settings.php to 777 if I want to edit it from the admin panel) and for the Default Forum Language it automatically set it to "English-Utf8".

3. After chmod Settings.php to 777, I can go to Server Settings in admin and change the forum name from just "Joe" to "Joe's Forum" and it works fine.

So although I haven't tested out a manual install yet, I think all clues above are pointing to this tentative conlusion - with magic_quotes_gpc disabled in PHP, installing SMF from Fantastico won't allow apostrophes in the forum name. But then, after opening permissions on Settings.php and changing the name in Server Settings, the apostrophe can be added. This leads me to believe that when applying upgrades via Fantastico, it somehow kills SMF's ability to include the apostrophe in the name and forces you to edit Settings.php manually and add the \' to get rid of the error (until the next upgrade via Fantastico, wash / rinse / repeat).
So my conclusion is that Fantastico is sort of the culprit here, and that it possibly relies on magic quotes for it's installs / upgrades, which would explain why each Fantastico upgrade "breaks" the forum if the name includes an apostrophe.

I'm about to do a manual install to test out this theory, but I'm willing to bet that there will be no such trouble when going with a straight manual install / manual upgrades. While Fantastico may be a nice handy tool in some ways, I think it presents more potential problems than it's worth (but we all probably already knew that ).

Granted this post is just my opinion and experience so far, but hopefully the information proves to be useful to someone.

[Sarge]

Do you use ' (apostrophe) or ' (curly apostrophe, like those in MS Word)? If the latter, then a bug related to UTF-8 in Fantastico SMF installs might be the culprit.

In any case, check the collation of your forum database tables. If they're in latin1 (or at least different from utf8), here's the fix:
http://www.simplemachines.org/community/index.php?topic=166743.msg1151417#msg1151417

Also verify that this line:

Code Select Expand


$db_character_set = 'utf8';

is not present in Settings.php; if it is, delete that line.

In your case, there's no need to convert to UTF-8 after applying the fix, since you said you don't need support for non-English characters.

After applying the fix, switch the default forum language from English-Utf8 to English.

[GoinNutz]

Sarge - as I suspected / expected, the problem appears to only happen with SMF that have been installed from Fantastico. I just downloaded the 1.1.6 from the archive that you linked, installed it with the forum name "Joe's Forum" and that went just fine. Then I used the Package Manager to upgrade it to 1.1.7, and surprise surprise... no problem at all. The forum retained the name with the apostrophe and no errors. My personal conclusion (opinion, not fact) - Fantastico easily bumbles upgrades and I think it's installer is dependent on magic quotes, and there's really no need to resort to Fantastico when SMF's Package feature and update alerts are so well implemented.

I wish I could convince some of the people that I collaborate with that manual installs are the only way to go, and that if they just follow the documentation it's not a big deal to install, but alas for some of them anything that goes beyond point & click or takes 5 minutes of reading seems like a hassle to them.

Fortunately I've learned a way to "disconnect" SMF from it's Fantastico leash if it was originally installed via Fantastico, and to move forward strictly manual / straight SMF updates from there on

[GoinNutz]

- I don't use the curly apostrophe - just the straight '
- There is no character_set utf8 line in my Settings.php the manual install I just did
- So far I haven't seen the need to apply any fix on the manual install, it works like a charm

Seems to me the only trouble is with Fantastico installs. I know I must sound like a Fantastico hater at this point, but I can't help it. I understand the demand / desire for Fantastico so that scripts like this are easily accessable to the masses, but it further compounds the problem of troubleshooting when combined with users who wouldn't know FTP if it bit them (no offense intended to anyone, I'm just shooting straight here).

[Sarge]

Fantastico also installs a truckload of language packs that are just useless in most forums. While they don't cause any problem by themselves, they do take up a lot of space.

I'm curious about whether it happens because of the Fantastico UTF-8 bug or because of some other bug. Can you verify the contents of the post I linked to above on a Fantastico SMF install (and also after an SMF upgrade, again from Fantastico)?

If the apostrophe issue is indeed happening in non-UTF-8 installs/upgrades as well, we could try contacting Netenberg (the makers of Fantastico). We have already contacted them several times about the bug related to UTF-8 installs.

Since the mentioned issue is not caused by SMF, I'm marking this topic as solved. Please do, however, visit the Netenberg forum -- the more people post there about SMF-related issues caused by Fantastico, the better.

Thank you!

[GoinNutz]

Can you verify the contents of the post I linked to above on a Fantastico SMF install (and also after an SMF upgrade, again from Fantastico)?

I have a deadline to meet this morning so I can't do it right now, but I will go through my test examples again tonight and take a look at everything through phpMyAdmin as per your link to the other post and get back to you. I'd like to do it all right now, but unfortunately it's almost 5:00am here and I've got obligations this morning, so I have to break away for now. If you'd like, I can PM you with my findings later tonight or I can just post them in that other thread.

Thank YOU for taking an interest in the issue and your responses.

[Sarge]

That's fine, real life comes first! Please let us know only when you find the time and willingness, no earlier!

I would kindly ask you to post your findings here, though -- the other topic is a bit old and not for exactly the same issue. Posting the results publicly (as opposed to sending them to me via PM) might be helpful to other people that search this forum about it. As for me, I'm subscribed to this topic, so I'll get a notification via e-mail whenever there's a response.

Thanks again! And... You're Welcome!