You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 148 guest(s) and 1 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - PHP-Nuke Modules - Magic_Quotes [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

PHP-Nuke Modules - Magic_Quotes
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Modules
View previous topic Log in to check your private messages View next topic
Author Message
Phred
Nuke Soldier
Nuke Soldier


Joined: Jan 26, 2003
Posts: 28

Location: USA
PostPosted: Mon May 26, 2003 11:16 am Reply with quoteBack to top
I am again at the point where I stopped web site building a year ago. I am just DUMBFOUNDED by this PHP magic_quotes bs. It's bizarre.

1) what is PHP-Nuke's philosophy in mod development? My preliminary resarch thinks it's: a) assume magic_quotes is on, b) and even if magic_quotes ain't on it can't hurt to just stripslashes on all Post/Get user variables anyway, so PHP-Nuke is "portable". (I did not find tests for magic_quotes in my recent search of the nuke code).

2) What is "FixQuotes()"? - 100's of calls in so much of the code.

3) Is phpbb worries about adding slashes to GET/POST/COOKIE data really worth extra programming efforrt if magic_quotes is off? Is "SQL injection that bad?

4) Aside from "adding slashes to thwart SQL injection" what are the other situations where you should add slashes?

Are there resources particular to PHP-Nuke that address my questions? Where can I find them? Is PHP-Nuke adequately prepared for poratbility now and future in regards to magic_quotes?

One thing I agree with is someone said that magic quotes is the most poorly thought out procedure in PHP ever. I can't get started!

I also want to use a lot of user get/post input in my mods. Is there any attempt to list all the minor things with special cgharacters one can run into?
Find all posts by PhredView user's profileSend private message
ArtificialIntel



Joined: Jan 31, 2004
Posts: -88
PostPosted: Mon May 26, 2003 2:05 pm Reply with quoteBack to top
generally it's a security setting to have GPC_Magic_quotes turned on.

Yes, SQL injection really is that bad, it can bring down web sites, and can be used to redirect sites to other sites via posts etc. (news articles for example which were fixed in secfixpack3)

AI
Find all posts by ArtificialIntelView user's profileSend private message
Phred
Nuke Soldier
Nuke Soldier


Joined: Jan 26, 2003
Posts: 28

Location: USA
PostPosted: Mon May 26, 2003 11:30 pm Reply with quoteBack to top
Let me see if I am beginning to understand ...

Making sure that magic_quotes_gpc is on THWARTS all the SQL injection examples for php seen.

However, a stupid module developer could assume he is safe because magic_quotes is on but he could remove slashes with stripslashes and the SQL injection would work. Thus the only true way to avoid SQL injection is really by input validation, etc. ???
Find all posts by PhredView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Modules
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.178 Seconds - 202 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::