One concern that I have is the requirement of magic_quotes_gpc to Off during installation. If you have a flexible host and they allow you to modify or override the php.ini, everything's OK (after a bit of work to make the code changes). However, if you don't have a flexible host you might be stuck or have to migrate hosts. Additionally, what happens when some of the 2.5 users start upgrading to 3.0? We currently do not have a pre-upgrade check for magic_quotes_gpc = Off, so that would result in strange bugs.
In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather just a recommendation. In Joomla 3, it is a requirement. I recommend that we make magic_quotes_gpc = Off a recommendation (rather than a requirement) for Joomla 3.
The con to making it a recommendation (rather than a requirement): 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they would if it was Off.
The Pros to making it a recommendation (rather than a requirement): 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
To me, the pro definitely outweighs the con. Also, if they wanted to, they could go through the work of turning off magic_quotes_gpc (it just wouldn't be a requirement).
In short, it's a win/win situation for everyone if magic_quotes_gpc to Off was not a requirement, but rather just a recommendation.
If we decided to go that route, basically it would involve unescpaing all input data before we start to handle the request.
Indeed.
In fact, with the experience we have of the very slooooow move from most hosts to propose php 5 in the past years, we do know that it will take much time to gets hosts setting magic_quotes_gpc = Off. (Even Rochen does not do it on its shared servers)
We already have difficulties to get the the maority of our users to move from 1.5 to 2.5.
It is not the time IMHO to release an 3.x reserved to a few.
As far as I understand this requires some code change that could be done in CMS only
Regards
JM
Le vendredi 10 août 2012 19:26:45 UTC+2, Nick Savov a écrit :
> Joomla 3 is looking great! Great job to everyone!
> One concern that I have is the requirement of magic_quotes_gpc to Off > during installation. If you have a flexible host and they allow you to > modify or override the php.ini, everything's OK (after a bit of work to > make the code changes). However, if you don't have a flexible host you > might be stuck or have to migrate hosts. Additionally, what happens when > some of the 2.5 users start upgrading to 3.0? We currently do not have a > pre-upgrade check for magic_quotes_gpc = Off, so that would result in > strange bugs.
> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather > just a recommendation. In Joomla 3, it is a requirement. I recommend that > we make magic_quotes_gpc = Off a recommendation (rather than a requirement) > for Joomla 3.
> The con to making it a recommendation (rather than a requirement):
> 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they > would if it was Off.
> The Pros to making it a recommendation (rather than a requirement):
> 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
> To me, the pro definitely outweighs the con. Also, if they wanted to, > they could go through the work of turning off magic_quotes_gpc (it just > wouldn't be a requirement).
> In short, it's a win/win situation for everyone if magic_quotes_gpc to Off > was not a requirement, but rather just a recommendation.
> If we decided to go that route, basically it would involve unescpaing all > input data before we start to handle the request.
Magic quotes is deprecated in PHP 5.3 and scheduled for removal in 5.4. IMO, it was a well intentioned, but bad idea that should be removed from PHP. It's best for the platform to manage escaping, rather than to rely upon (or have to discover and then undo) another "dumb" process for such an important function.
Not even sure this should be an installation check for the CMS, though, since the php.ini setting is automatically disabled during startup, even in the current release.
On Friday, August 10, 2012 12:26:45 PM UTC-5, Nick Savov wrote:
> Hi everyone,
> Joomla 3 is looking great! Great job to everyone!
> One concern that I have is the requirement of magic_quotes_gpc to Off > during installation. If you have a flexible host and they allow you to > modify or override the php.ini, everything's OK (after a bit of work to > make the code changes). However, if you don't have a flexible host you > might be stuck or have to migrate hosts. Additionally, what happens when > some of the 2.5 users start upgrading to 3.0? We currently do not have a > pre-upgrade check for magic_quotes_gpc = Off, so that would result in > strange bugs.
> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather > just a recommendation. In Joomla 3, it is a requirement. I recommend that > we make magic_quotes_gpc = Off a recommendation (rather than a requirement) > for Joomla 3.
> The con to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they > would if it was Off.
> The Pros to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
> To me, the pro definitely outweighs the con. Also, if they wanted to, > they could go through the work of turning off magic_quotes_gpc (it just > wouldn't be a requirement).
> In short, it's a win/win situation for everyone if magic_quotes_gpc to Off > was not a requirement, but rather just a recommendation.
> If we decided to go that route, basically it would involve unescpaing all > input data before we start to handle the request.
Looks like the code is checking for magic_quotes_runtime rather than
magic_quotes_gpc and that the two are different. If I try installing
Joomla 3 on our Rochen server, I can't get past the pre-install check
because magic_quotes_gpc = On, so the code:
@ini_set('magic_quotes_runtime', 0);
> Magic quotes is deprecated in PHP 5.3 and scheduled for removal in 5.4.
> IMO, it was a well intentioned, but bad idea that should be removed from
> PHP. It's best for the platform to manage escaping, rather than to rely
> upon (or have to discover and then undo) another "dumb" process for such
> an
> important function.
> Not even sure this should be an installation check for the CMS, though,
> since the php.ini setting is automatically disabled during startup, even
> in
> the current release.
> Might be better to discuss on the Platform list.
> On Friday, August 10, 2012 12:26:45 PM UTC-5, Nick Savov wrote:
>> Hi everyone,
>> Joomla 3 is looking great! Great job to everyone!
>> One concern that I have is the requirement of magic_quotes_gpc to Off
>> during installation. If you have a flexible host and they allow you to
>> modify or override the php.ini, everything's OK (after a bit of work to
>> make the code changes). However, if you don't have a flexible host you
>> might be stuck or have to migrate hosts. Additionally, what happens
>> when
>> some of the 2.5 users start upgrading to 3.0? We currently do not have
>> a
>> pre-upgrade check for magic_quotes_gpc = Off, so that would result in
>> strange bugs.
>> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather
>> just a recommendation. In Joomla 3, it is a requirement. I recommend
>> that
>> we make magic_quotes_gpc = Off a recommendation (rather than a
>> requirement)
>> for Joomla 3.
>> The con to making it a recommendation (rather than a requirement):
>> 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they
>> would if it was Off.
>> The Pros to making it a recommendation (rather than a requirement):
>> 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla
>> 3.
>> To me, the pro definitely outweighs the con. Also, if they wanted to,
>> they could go through the work of turning off magic_quotes_gpc (it just
>> wouldn't be a requirement).
>> In short, it's a win/win situation for everyone if magic_quotes_gpc to
>> Off
>> was not a requirement, but rather just a recommendation.
>> If we decided to go that route, basically it would involve unescpaing
>> all
>> input data before we start to handle the request.
>> Kind regards,
>> Nick
> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msg/joomla-dev-cms/-/5GTURweINJIJ.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
I would ask on the platform list if either the current 'runtime' is enough,
or if 'gpc' can also be disabled and if disabling both would then
effectively remove the need for the CMS to check the magic quotes
configuration during install.
The platform is doing the escaping and my gut feel is they aren't going to
want to add 'antiquated' magic quote text to the new JInput class.
The CMS controls the boot sequence files (that I linked to) and very
recently took control of the installation process - so if the platform team
concurs, you might be able to bi-pass the install step due to what is there
or, as you have pointed out, adding the gpc disable.
That would be ideal. But, it would be important to ask about this on the
platform list since I am not certain and they are the ones to advise on
this.
> Looks like the code is checking for magic_quotes_runtime rather than
> magic_quotes_gpc and that the two are different. If I try installing
> Joomla 3 on our Rochen server, I can't get past the pre-install check
> because magic_quotes_gpc = On, so the code:
> @ini_set('magic_quotes_runtime', 0);
> so this is still an issue, IMO. At the very least, we need a pre-upgrade
> check when users go from Joomla 2.5.x to Joomla 3.
> What are your thoughts based on the above information?
> Kind regards,
> Nick
> > Magic quotes is deprecated in PHP 5.3 and scheduled for removal in 5.4.
> > IMO, it was a well intentioned, but bad idea that should be removed from
> > PHP. It's best for the platform to manage escaping, rather than to rely
> > upon (or have to discover and then undo) another "dumb" process for such
> > an
> > important function.
> > Not even sure this should be an installation check for the CMS, though,
> > since the php.ini setting is automatically disabled during startup, even
> > in
> > the current release.
> > Might be better to discuss on the Platform list.
> > On Friday, August 10, 2012 12:26:45 PM UTC-5, Nick Savov wrote:
> >> Hi everyone,
> >> Joomla 3 is looking great! Great job to everyone!
> >> One concern that I have is the requirement of magic_quotes_gpc to Off
> >> during installation. If you have a flexible host and they allow you to
> >> modify or override the php.ini, everything's OK (after a bit of work to
> >> make the code changes). However, if you don't have a flexible host you
> >> might be stuck or have to migrate hosts. Additionally, what happens
> >> when
> >> some of the 2.5 users start upgrading to 3.0? We currently do not have
> >> a
> >> pre-upgrade check for magic_quotes_gpc = Off, so that would result in
> >> strange bugs.
> >> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather
> >> just a recommendation. In Joomla 3, it is a requirement. I recommend
> >> that
> >> we make magic_quotes_gpc = Off a recommendation (rather than a
> >> requirement)
> >> for Joomla 3.
> >> The con to making it a recommendation (rather than a requirement):
> >> 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they
> >> would if it was Off.
> >> The Pros to making it a recommendation (rather than a requirement):
> >> 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla
> >> 3.
> >> To me, the pro definitely outweighs the con. Also, if they wanted to,
> >> they could go through the work of turning off magic_quotes_gpc (it just
> >> wouldn't be a requirement).
> >> In short, it's a win/win situation for everyone if magic_quotes_gpc to
> >> Off
> >> was not a requirement, but rather just a recommendation.
> >> If we decided to go that route, basically it would involve unescpaing
> >> all
> >> input data before we start to handle the request.
> >> Kind regards,
> >> Nick
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Joomla! CMS Development" group.
> > To view this discussion on the web, visit
> > https://groups.google.com/d/msg/joomla-dev-cms/-/5GTURweINJIJ.
> > To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> > To unsubscribe from this group, send email to
> > joomla-dev-cms+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
> I would ask on the platform list if either the current 'runtime' is
> enough,
> or if 'gpc' can also be disabled and if disabling both would then
> effectively remove the need for the CMS to check the magic quotes
> configuration during install.
> The platform is doing the escaping and my gut feel is they aren't going to
> want to add 'antiquated' magic quote text to the new JInput class.
> The CMS controls the boot sequence files (that I linked to) and very
> recently took control of the installation process - so if the platform
> team
> concurs, you might be able to bi-pass the install step due to what is
> there
> or, as you have pointed out, adding the gpc disable.
> That would be ideal. But, it would be important to ask about this on the
> platform list since I am not certain and they are the ones to advise on
> this.
> On Fri, Aug 10, 2012 at 2:22 PM, Nick Savov <n...@iowawebcompany.com>
> wrote:
>> Looks like the code is checking for magic_quotes_runtime rather than
>> magic_quotes_gpc and that the two are different. If I try installing
>> Joomla 3 on our Rochen server, I can't get past the pre-install check
>> because magic_quotes_gpc = On, so the code:
>> @ini_set('magic_quotes_runtime', 0);
>> so this is still an issue, IMO. At the very least, we need a pre-upgrade
>> check when users go from Joomla 2.5.x to Joomla 3.
>> What are your thoughts based on the above information?
>> Kind regards,
>> Nick
>> > Magic quotes is deprecated in PHP 5.3 and scheduled for removal in
>> 5.4.
>> > IMO, it was a well intentioned, but bad idea that should be removed
>> from
>> > PHP. It's best for the platform to manage escaping, rather than to
>> rely
>> > upon (or have to discover and then undo) another "dumb" process for
>> such
>> > an
>> > important function.
>> > Not even sure this should be an installation check for the CMS,
>> though,
>> > since the php.ini setting is automatically disabled during startup,
>> even
>> > in
>> > the current release.
>> > Might be better to discuss on the Platform list.
>> > On Friday, August 10, 2012 12:26:45 PM UTC-5, Nick Savov wrote:
>> >> Hi everyone,
>> >> Joomla 3 is looking great! Great job to everyone!
>> >> One concern that I have is the requirement of magic_quotes_gpc to Off
>> >> during installation. If you have a flexible host and they allow you
>> to
>> >> modify or override the php.ini, everything's OK (after a bit of work
>> to
>> >> make the code changes). However, if you don't have a flexible host
>> you
>> >> might be stuck or have to migrate hosts. Additionally, what happens
>> >> when
>> >> some of the 2.5 users start upgrading to 3.0? We currently do not
>> have
>> >> a
>> >> pre-upgrade check for magic_quotes_gpc = Off, so that would result in
>> >> strange bugs.
>> >> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but
>> rather
>> >> just a recommendation. In Joomla 3, it is a requirement. I recommend
>> >> that
>> >> we make magic_quotes_gpc = Off a recommendation (rather than a
>> >> requirement)
>> >> for Joomla 3.
>> >> The con to making it a recommendation (rather than a requirement):
>> >> 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as
>> they
>> >> would if it was Off.
>> >> The Pros to making it a recommendation (rather than a requirement):
>> >> 1) Those sites with magic_quotes_gpc = On, would be able to use
>> Joomla
>> >> 3.
>> >> To me, the pro definitely outweighs the con. Also, if they wanted
>> to,
>> >> they could go through the work of turning off magic_quotes_gpc (it
>> just
>> >> wouldn't be a requirement).
>> >> In short, it's a win/win situation for everyone if magic_quotes_gpc
>> to
>> >> Off
>> >> was not a requirement, but rather just a recommendation.
>> >> If we decided to go that route, basically it would involve unescpaing
>> >> all
>> >> input data before we start to handle the request.
>> >> Kind regards,
>> >> Nick
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Joomla! CMS Development" group.
>> > To view this discussion on the web, visit
>> > https://groups.google.com/d/msg/joomla-dev-cms/-/5GTURweINJIJ.
>> > To post to this group, send an email to
>> joomla-dev-cms@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > joomla-dev-cms+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
>> --
>> You received this message because you are subscribed to the Google
>> Groups
>> "Joomla! CMS Development" group.
>> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
>> To unsubscribe from this group, send email to
>> joomla-dev-cms+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
You are right, that line I pointed to during system bootup will not take care of this issue. magic_quotes_gpc must be handled at a system level. Here's a better reference on the gpc magic quotes http://www.php.net/manual/en/security.magicquotes.disabling.php
Maybe the platform will continue support for assuming this php directive is turned on (like example 2 on the link above.) Seems a shame to run all traffic through that logic to turn off what should have never been activated to begin with, it does penalize those sites using better hosts.
Or, maybe the CMS can add a system plugin that can be activated for such sites to disable the option? Not sure if an event fires at the right time, tho. Maybe the platform would add one if they don't want to add the escaping logic back?
If the installation requirement remains, the problem could be addressed by providing information to those who need it. Perhaps a little asterisk by the failed install option linking to a Wiki document that explains how to deactivate this option if ones host is forcing it on. example from Godaddy - http://support.godaddy.com/groups/web-hosting/forum/topic/how-to-turn...
On Friday, August 10, 2012 12:26:45 PM UTC-5, Nick Savov wrote:
> Hi everyone,
> Joomla 3 is looking great! Great job to everyone!
> One concern that I have is the requirement of magic_quotes_gpc to Off > during installation. If you have a flexible host and they allow you to > modify or override the php.ini, everything's OK (after a bit of work to > make the code changes). However, if you don't have a flexible host you > might be stuck or have to migrate hosts. Additionally, what happens when > some of the 2.5 users start upgrading to 3.0? We currently do not have a > pre-upgrade check for magic_quotes_gpc = Off, so that would result in > strange bugs.
> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather > just a recommendation. In Joomla 3, it is a requirement. I recommend that > we make magic_quotes_gpc = Off a recommendation (rather than a requirement) > for Joomla 3.
> The con to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they > would if it was Off.
> The Pros to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
> To me, the pro definitely outweighs the con. Also, if they wanted to, > they could go through the work of turning off magic_quotes_gpc (it just > wouldn't be a requirement).
> In short, it's a win/win situation for everyone if magic_quotes_gpc to Off > was not a requirement, but rather just a recommendation.
> If we decided to go that route, basically it would involve unescpaing all > input data before we start to handle the request.
I agree with you. Very good points. Adding one more little vote for making GPC off NOT a requirement, but just a recommendation.
Why imho: 1) we want to spread Joomla as broad as possible, and thus user's mandatory hosting hassles should be kept as low as possible 2) the extra-cost to sites with GPC OFF is only a single "if" line statement, that is executed once when _REQUEST is parsed, so virtually nothing compared to rest of Joomla's heavy code. 3) a lot of people will migrate from 1.5 directly to 3.x, usually into a sub-folder, and having the requirement for a separate hosting setup is not really friendly.
On Friday, August 10, 2012 7:26:45 PM UTC+2, Nick Savov wrote:
> Hi everyone,
> Joomla 3 is looking great! Great job to everyone!
> One concern that I have is the requirement of magic_quotes_gpc to Off > during installation. If you have a flexible host and they allow you to > modify or override the php.ini, everything's OK (after a bit of work to > make the code changes). However, if you don't have a flexible host you > might be stuck or have to migrate hosts. Additionally, what happens when > some of the 2.5 users start upgrading to 3.0? We currently do not have a > pre-upgrade check for magic_quotes_gpc = Off, so that would result in > strange bugs.
> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather > just a recommendation. In Joomla 3, it is a requirement. I recommend that > we make magic_quotes_gpc = Off a recommendation (rather than a requirement) > for Joomla 3.
> The con to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they > would if it was Off.
> The Pros to making it a recommendation (rather than a requirement): > 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
> To me, the pro definitely outweighs the con. Also, if they wanted to, > they could go through the work of turning off magic_quotes_gpc (it just > wouldn't be a requirement).
> In short, it's a win/win situation for everyone if magic_quotes_gpc to Off > was not a requirement, but rather just a recommendation.
> If we decided to go that route, basically it would involve unescpaing all > input data before we start to handle the request.
I confirm. This pre-check blocks under MacOS MAMP. I have try to set a php.ini with the "magic_quotes_gpc on" and "magic_quotes_runtime on" and with a .htaccess with "php_flag magic_quotes_gpc on" But it doesn't seems to work.
I will test harder ... but if a solution (like an hack on the famous "if" statment ( where ?)) can help, thank you.
> I confirm. This pre-check blocks under MacOS MAMP.
> I have try to set a php.ini with the "magic_quotes_gpc on" and "magic_quotes_runtime on"
> and with a .htaccess with "php_flag magic_quotes_gpc on"
> But it doesn't seems to work.
> I will test harder ... but if a solution (like an hack on the famous "if" statment ( where ?)) can help, thank you.
> -- > You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
> To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/Rz1hsu1QgyEJ.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
LOL …. oops, thank you Rouven, i have read this topic... hum, but it seems that i won't be enough concentrate, i have replace Off by On in all my tests (oops) without really thinking about the meaning !
So, i correct my test, by just renaming the htaccess.txt by .htaccess and add the following command line at top of my .htaccess before launching Joomla installation, it works ok on MacOS MAMP :
php_flag magic_quotes_gpc off
Thank you for the help ;)
Now the question is (as it has been said earlier in this topic) : - does this pre-check will be maintain as we know that several hosters force the value at "On" ?
On Friday, August 10, 2012 12:48:32 PM UTC-5, infograf768 wrote:
> Indeed.
> In fact, with the experience we have of the very slooooow move from most > hosts to propose php 5 in the past years, we do know that it will take much > time to gets hosts setting magic_quotes_gpc = Off. (Even Rochen does not do > it on its shared servers)
> We already have difficulties to get the the maority of our users to move > from 1.5 to 2.5.
> It is not the time IMHO to release an 3.x reserved to a few.
> As far as I understand this requires some code change that could be done > in CMS only
> Regards
> JM
> Le vendredi 10 août 2012 19:26:45 UTC+2, Nick Savov a écrit :
>> Hi everyone,
>> Joomla 3 is looking great! Great job to everyone!
>> One concern that I have is the requirement of magic_quotes_gpc to Off >> during installation. If you have a flexible host and they allow you to >> modify or override the php.ini, everything's OK (after a bit of work to >> make the code changes). However, if you don't have a flexible host you >> might be stuck or have to migrate hosts. Additionally, what happens when >> some of the 2.5 users start upgrading to 3.0? We currently do not have a >> pre-upgrade check for magic_quotes_gpc = Off, so that would result in >> strange bugs.
>> In Joomla 2.5, magic_quotes_gpc to Off was not a requirement, but rather >> just a recommendation. In Joomla 3, it is a requirement. I recommend that >> we make magic_quotes_gpc = Off a recommendation (rather than a requirement) >> for Joomla 3.
>> The con to making it a recommendation (rather than a requirement):
>> 1) Those sites with magic_quotes_gpc = On, wouldn't run as fast as they >> would if it was Off.
>> The Pros to making it a recommendation (rather than a requirement):
>> 1) Those sites with magic_quotes_gpc = On, would be able to use Joomla 3.
>> To me, the pro definitely outweighs the con. Also, if they wanted to, >> they could go through the work of turning off magic_quotes_gpc (it just >> wouldn't be a requirement).
>> In short, it's a win/win situation for everyone if magic_quotes_gpc to >> Off was not a requirement, but rather just a recommendation.
>> If we decided to go that route, basically it would involve unescpaing all >> input data before we start to handle the request.
I tried everything to fix the double quotes (") being escaped (\") .
I tried disabling magic_qotes any way possible but this did not worked! The only solution I found was editing [b]library/joomla/input/filter/input.php[/b].
[b]Function clean (line 159)[/b]
[code]public function clean($source, $type = 'string') {
// Handle the type constraint switch (strtoupper($type)) { case 'INT':[/code]
as follow:
[code]public function clean($source, $type = 'string') {
Be aware that turning magic_quotes_gpc to off for 3.0+ installation to be successful won't solve your problems.
Changing the .htaccess file and placing it in in your installation directory, will allow the successful installation only but you'll find, later on, if your server is using php 5.3+, that it won't work and you'll get a bunch of bugs all over the place. with slashes ( \ ) being overloaded every time you save data that should quoted to the database.
For instance, your script saves the data "The President's dog" and when you retrieve it from your db, it will be rendered as "The President\'s dog". Now save it again and again and you start getting "The President\\\\\\\\'s dog". Unless you place the similar .htaccess file in every directory, which is unthinkable, you'll find that you really have to change the server's php configuration and there turn magic_quotes_gpc to off.
Severs running php 5.3+ should, by default have magic_quotes_gpc = off since, as it was mention above, the function is deprecated and scheduled for removal on php 5.4.
Sorry, but this list is for Joomla Core CMS developers and discussion of
how to improve the CMS. If you're still having the issue, you should
instead ask on the Joomla forum. Here's the direct link to it:
forum.joomla.org/
After posting on there, reply to this email with a link to the forum post
so that we can follow up and help you out on there.
> I try creating php.ini but it still doesn't work
> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msg/joomla-dev-cms/-/MaRMmIsqO2oJ.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
