[pmwiki-users] PHP slashes (was ZAP Permissions and Includes)
crisses at kinhost.org
Fri Oct 13 09:18:34 CDT 2006
On Oct 13, 2006, at 9:35 AM, Patrick R. Michaud wrote:
> On Fri, Oct 13, 2006 at 07:01:04AM -0400, The Editor wrote:
>> By the way I've been looking into this and discovered the slashes are
>> only on the webserver, not my home system. Does anyone know if
>> this a
>> php glitch, or a configuration problem or what? I believe mine home
>> machine is php 4.4.2, and the server 4.4.4.
> It's probably a configuration setting on the webserver -- I'm guessing
> that magic_quotes_gpc has a different setting on each.
Magic Quotes are a "feature" that allows programmers that write for
databases to be more lazy and not have to explicitly addslashes.
However, each database has different vulnerabilities, and some have
built in "real slash" features that add slashes and protect their own
database from SQL injection attacks.
You (Caveman) aren't using SQL databases (yet) so you need to turn
the slashes off, but ONLY if they've been auto-invoked.
More information about the pmwiki-users