magic_quotes_gpc setting??? :: Zikula Community

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

michiel responded to »password problem« 10:01 AM
mazdev responded to »Hide "Register new account" and change template to 3 col« 07:50 AM
mesteele101 created topic »Zikula 1.3.3 - Site Search 1.5.2 - Unable to turn off plug-ins« 07:48 AM
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

magic_quotes_gpc setting???

Print topic

Go to page 1 - 2 [+1]:

**unknown user**

Rank: Freshman

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 81
Posted: Jan 02, 2008 - 03:39 AM

In my admin panel of PN .8 RC2, I have the error of "PHP 'magic_quotes_gpc' setting is ON, but should be OFF."
I posted this question in with another question in another post, but the reply I got didn't help me.
Can I just add the line "PHP 'magic_quotes_gpc' off" to my php.ini file?? When I looked in the php.ini file, it wasn't there at all - on or off.
Thanks for any help in advance.

Mickey
larsneo

Rank: Software Foundation

Registered: Dec 31, 1969

Last visit: Oct 21, 2009

Posts: 3814
Posted: Jan 02, 2008 - 03:47 AM

this depends on your individual PHP configuration. usually one can use a .htaccess override or a manual php.ini - see http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc for more information and ask your provider.

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
jaenosjelantru

Rank: Moderator

Registered: Mar 15, 2005

Last visit: May 30, 2010

Posts: 1077
Posted: Jan 12, 2008 - 07:55 AM

Any help on this one?

In admin, I also receive:
PHP 'magic_quotes_gpc' setting is ON, but should be OFF.
PHP 'register_globals' setting is ON, but should be OFF.

.htaccess:
# security options
php_flag register_globals off
php_flag magic_quotes_gpc off

When my .htaccess is edited to turn magic quotes off as shown above, I get an internal server error 500. When I comment them out, I get the warning from Postnuke. So do I live with the warning or what?

The error in my server logs is:

[Sat Jan 12 12:43:57 2008] [alert] [client ip.ommitted] /home/smart/public_html/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
Arthens

Rank: Developer

Registered: Mar 29, 2005

Last visit: Mar 13, 2010

Posts: 228
Posted: Jan 12, 2008 - 08:01 AM

When PHP run as CGI you have to use php.ini instead of .htaccess for the php_flag, that's why you get an internal server error 500.

--
Zikula Italia
SimpleGallery
**unknown user**

Rank: Helper

Registered: Mar 16, 2002

Last visit: May 18, 2010

Posts: 985
Posted: Jan 12, 2008 - 08:07 AM

This assumes that PHP is installed as a module.
Probably PHP is installed as a CGI on your server.
Ask your host for documentation how to install a .htaccess on their servers.

- Igor
jaenosjelantru

Rank: Moderator

Registered: Mar 15, 2005

Last visit: May 30, 2010

Posts: 1077
Posted: Jan 12, 2008 - 08:07 AM

I created a php.ini file with the contents below:

# security options
php_flag magic_quotes_gpc off
php_flag register_globals off

But in admin, I still get this message, though the register_globals warning seems to have dissappeared:

PHP 'magic_quotes_gpc' setting is ON, but should be OFF.
**unknown user**

Rank: Freshman

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 81
Posted: Jan 12, 2008 - 09:09 AM

jaenosjelantru
I created a php.ini file with the contents below:

# security options
php_flag magic_quotes_gpc off
php_flag register_globals off

But in admin, I still get this message, though the register_globals warning seems to have dissappeared:

PHP 'magic_quotes_gpc' setting is ON, but should be OFF.

I didn't need the "php_flag" in my php.ini.
go check out this site. It was recommended to me by another user in the PN forums.
http://www.php.net/m…ni.magic-quotes-gpc.
It's a good tutorial.
If you're getting the 500 error, get rid of the .htaccess. You can move it, delete it or rename it to htaccess.txt.
You can also check out this other thread: http://community.pos…ewtopic&topic=53816.

Mickey
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Aug 24, 2008

Posts: 6
Posted: Aug 24, 2008 - 03:01 AM

I am getting

Code
PHP 'magic_quotes_gpc' setting is ON, but should be OFF.

in my Security Analyzer.

NOTHING that has been suggested above has removed the error. I want the error gone... it is annoying.

I do NOT have the programming knowledge to go trudging through PHP files to figure out where this is being referenced to comment them all out (to say nothing about ACTUALLY commenting them out). As for asking my host... I am the host, so I don't know what my server is running (specifically) but I know that I have an .htaccess file that I've tried editing, adding code to, removing code from, removing the file, etc, etc, etc...

So, is there a way to correct this problem with Zikula 1.0.1 or am I stuck with it?

Sorry to sound edgy, I've searched the Internet and the closest anyone has actually come to answering this is this specific thread.

Thank you in advance.
Topiatic

Rank: Expert

Registered: Nov 23, 2003

Last visit: Dec 13, 2009

Posts: 1487
Posted: Aug 24, 2008 - 06:17 AM

Since you are the host just change the value in php.ini file of your PHP installation and reboot the server.

--
Under Construction!
larsneo

Rank: Software Foundation

Registered: Dec 31, 1969

Last visit: Oct 21, 2009

Posts: 3814
Posted: Aug 24, 2008 - 03:22 PM

first of all: the 'warning' within the administration/sysinfo is for informational purposes. zikula runs with register_globals=on / magic_quotes_gpc=on without a problem

the reason for the message is simply to help you in enhancing the overall security of your site even if your provider uses unsafe settings - this reduces the risk of hacks/defacements if using vulnerable modules. if you host for yourself and don't know how to configure the server/php in a safe way i definitly recommend to check the correspondig documentation, running an unsafe server is a huge risk when thinking of backdoors, phishing sites, spamrelays etc. and it's you who's (legally) responsible for things on your server.

it's always recommended to additionally check the overall security with e.g. phpsecinfo and use e.g. suhosin and modsecurity (as adviced in sysinfo also) if possible

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
ToonDawg

Rank: Softmore

Registered: Apr 27, 2006

Last visit: Nov 07, 2009

Posts: 111
Posted: Aug 25, 2008 - 09:42 PM

My server has suPHP, so I had to add this to my php.ini file:

magic_quotes_gpc = Off

And this to my .htaccess file:

Code
suPHP_ConfigPath /home/pathtoyourfiles/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>

edited by: ToonDawg, Aug 26, 2008 - 02:43 PM
mrantonio

Rank: Registered User

Registered: Jan 02, 2009

Last visit: Jan 03, 2009

Posts: 2
Posted: Jan 02, 2009 - 04:56 PM

ToonDawg
My server has suPHP, so I had to add this to my php.ini file:

magic_quotes_gpc = Off

And this to my .htaccess file:

Code
suPHP_ConfigPath /home/pathtoyourfiles/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>
edited by: ToonDawg, Aug 26, 2008 - 02:43 PM

I have made as, but my htaccess file incorrectly works... I don't know that it can be, I am possible where that have missed what or a symbol in scripts, but while without results

--
But the truth is that the costs brand name viagra online of prevention pays off, though not all want to admit.
jaenosjelantru

Rank: Moderator

Registered: Mar 15, 2005

Last visit: May 30, 2010

Posts: 1077
Posted: Jan 02, 2009 - 05:57 PM

mrantonio-

Can you clarify your problem?

Are you getting the warning above?
mrantonio

Rank: Registered User

Registered: Jan 02, 2009

Last visit: Jan 03, 2009

Posts: 2
Posted: Jan 02, 2009 - 10:48 PM

I am excused for troubling, a problem has already solved.
The bag was as well as assumed in a file .htaccess. There was an incorrect processing of inquiry on a server of my script.
The decision has found here, thanks guys.

--
But the truth is that the costs brand name viagra online of prevention pays off, though not all want to admit.
{cbj}jim

Rank: Registered User

Registered: May 18, 2009

Last visit: Oct 21, 2009

Posts: 7
Posted: Jun 08, 2009 - 12:12 AM

Melinda
jaenosjelantru
I created a php.ini file with the contents below:

# security options
php_flag magic_quotes_gpc off
php_flag register_globals off

But in admin, I still get this message, though the register_globals warning seems to have dissappeared:

PHP 'magic_quotes_gpc' setting is ON, but should be OFF.

I didn't need the "php_flag" in my php.ini.
go check out this site. It was recommended to me by another user in the PN forums.
http://www.php.net/m…ni.magic-quotes-gpc.
It's a good tutorial.
If you're getting the 500 error, get rid of the .htaccess. You can move it, delete it or rename it to htaccess.txt.
You can also check out this other thread: http://community.pos…ewtopic&topic=53816.

Mickey

I did as stated here above and created the php.ini file but it causes an error with Zikula 1.1.1, it interferes with the Administration module page with AutoTheme themes. Is there another way?