问题
I'm writing a app that needs to be portable. I know I should disable magic quotes on the PHP configuration but in this case I don't know if I can do that, so I'm using the following code:
if (get_magic_quotes_gpc() === 1)
{
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process))
{
foreach ($val as $k => $v)
{
unset($process[$key][$k]);
if (is_array($v))
{
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
}
else
{
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
To simplify the process of disabling magic quotes I had the following idea:
if (get_magic_quotes_gpc() === 1)
{
foreach (array('GET', 'POST', 'COOKIE', 'REQUEST') as $array)
{
${'_'.$array} = unserialize(stripslashes(serialize(${'_'.$array})));
}
}
But I tried and I got an error I'm unable to understand, for instance with ?name=O'Reilly
:
serialize($_GET); // a:1:{s:4:"name";s:9:"O\'Reilly";}
stripslashes(serialize($_GET)); // a:1:{s:4:"name";s:9:"O'Reilly";}
But unserialize(stripslashes(serialize($_GET)))
gives me this weird error:
Notice: unserialize(): Error at offset 30 of 32 bytes
EDIT: Due to the length attribute in serialize()
I changed the code to use JSON functions:
if (get_magic_quotes_gpc() === 1)
{
foreach (array('GET', 'POST', 'COOKIE', 'REQUEST') as $array)
{
${'_' . $array} = json_decode(stripslashes(json_encode(${'_' . $array})), true);
}
}
However now the $_GET
array is coming up empty, can anyone explain me why?
回答1:
I don't think the second version will work. Serialized strings are stored along with their length, if you are removing characters, you would need to update that length value. I would rather implement it this way to improve readability:
function strip_slashes_recursive(&$value) {
if (!is_array($value)) {
$value = strip_slashes($value);
} else {
foreach (array_keys($value) as $key) {
$arrayValue = strip_slashes_recursive($value[$key]);
unset($value[$key]);
$value[strip_slashes($key)] = $arrayValue;
}
}
}
foreach (array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST) as &$array) {
strip_slashes_recursive($array);
}
// don't forget to unset references or it can lead to very nasty bugs
unset($array);
回答2:
Solved it, I had to use the JSON_HEX_APOS
flag in json_encode()
:
if (get_magic_quotes_gpc() === 1)
{
$_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
}
Before (mqgpc.php?name[got'cha]=O'Reilly
):
Array
(
[name] => Array
(
[got\'cha] => O\'Reilly
)
)
After (mqgpc.php?name[got'cha]=O'Reilly
):
Array
(
[name] => Array
(
[got'cha] => O'Reilly
)
)
回答3:
I usually solve that problem this way:
function smagic($params){
if(get_magic_quotes_gpc()){
if(!is_array($params))
return stripslashes($params);
else
return array_combine( array_map('stripslashes',array_keys($params)), array_map('smagic',array_values($params)) );
}
}
And then, for $_GET:
$_GET = smagic($_GET);
来源:https://stackoverflow.com/questions/2077711/php-shorter-magic-quotes-solution