22 years ago by moshe doron — view source — reply

unread

could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

could this if be removed safely?

tnx
moshe.

22 years ago by Sander Roobol — view source — reply

unread

could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

Sybase escapes ' with '' and NUL with \0 so we needed a special
version of php_stripslashes().

Sander

could this if be removed safely?

tnx
moshe.

22 years ago by Jani Taskinen — view source — reply

unread

Heh..so magic_quotes_sybase ini setting affects how `stripslashes()`
function works too? Pretty high WTF factor there. It should be 
an additional option for php_stripslashes() that is passed where
appropriate.

--Jani

could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

Sybase escapes ' with '' and NUL with \0 so we needed a special
version of php_stripslashes().

Sander

could this if be removed safely?

tnx
moshe.

--

--
<- For Sale!

22 years ago by Jan Schneider — view source — reply

unread

Quoting Jani Taskinen sniper@iki.fi:

Heh..so magic_quotes_sybase ini setting affects how `stripslashes()`
function works too? Pretty high WTF factor there. It should be
an additional option for php_stripslashes() that is passed where
appropriate.

As long as it affects addslashes() it should also affect stripslashes(). The
WTF factor would be even higher else.

could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

Sybase escapes ' with '' and NUL with \0 so we needed a special
version of php_stripslashes().

Sander

could this if be removed safely?

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft

22 years ago by moshe doron — view source — reply

unread

there is one more problem just like the
http://bugs.php.net/bug.php?id=22904 bug

the problem is also for 'regular' magic mode.
the addslashes add slashes anly when the slash follow by ''' or '"' or
'\' but on stripslashes it's nuke all the slashes without considering whats
came after that.

here is 'first shoot' fix for both bugs (i didn't even compiled it) hope
i'll time to debug it and write test tomorrow

Index: string.c

RCS file: /repository/php4/ext/standard/string.c,v
retrieving revision 1.365
diff -u -r1.365 string.c
--- string.c 31 Mar 2003 12:08:31 -0000 1.365
+++ string.c 31 Mar 2003 15:36:28 -0000
@@ -2322,8 +2322,9 @@

if (PG(magic_quotes_sybase)) {
while (l > 0) {

l--;
if (*t == ''') {

if ((l > 0) && (t[1] == ''')) {

if ((l >= 0) && (t[1] == ''')) {
t++;
if (len != NULL) {
(*len)--;
@@ -2331,17 +2332,24 @@
l--;
}
*s++ = *t++;

} else if (*t == '\' && l > 0 && t[1] == '0') {

} else if (*t == '\' && l > 0) {
t++;
if (*t == '0') {
*s++='\0';

```
t += 2;
```
```
if (len != NULL) {
```
```
 (*len)--;
```
```
}
```
```
l--;
```

```
t++;
```
} else if (*s=='\'){
```
*s++ = *t++;
```
}else{
```
*s++; = '\\';
```
```
continue;
```
}
l--;
if (len != NULL) {
```
(*len)--;
```
}
} else {
*s++ = *t++;
}

l--;
}
*s = '\0';

@@ -2349,29 +2357,28 @@
}

while (l > 0) {

if (*t == '\') {
t++; /* skip the slash */
if (len != NULL) {
(*len)--;

l--;
if (*t == '\' && l > 0) {
t++;
if (*t == '0') {
*s++='\0';
t++;
} else if (*s=='\'||*s=='''||*s=='"'){
*s++ = *t++;
}else{
*s++; = '\';
continue;
}
l--;

if (l > 0) {
if (*t == '0') {
```
*s++='\0';
```
```
t++;
```
} else {

*s++ = *t++; /* preserve the next character */

}
l--;

if (len != NULL) {
(*len)--;
}
} else {
*s++ = *t++;

l--;
}
}
if (s != t) {
*s = '\0';
}

*s = '\0';

}
/* }}} */

@@ -2627,6 +2634,10 @@
case ''':
*target++ = ''';
*target++ = ''';

```
break;
```
case '\':
```
*target++ = '\\';
```
```
*target++ = '\\';
break;
```
default:
*target++ = *source;

"Jani Taskinen" sniper@iki.fi wrote in message
news:Pine.LNX.4.44.0303311658560.26826-100000@cs78146114.pp.htv.fi...

Heh..so magic_quotes_sybase ini setting affects how `stripslashes()`
function works too? Pretty high WTF factor there. It should be
an additional option for php_stripslashes() that is passed where
appropriate.

--Jani
could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

Sybase escapes ' with '' and NUL with \0 so we needed a special
version of php_stripslashes().

Sander

could this if be removed safely?

tnx
moshe.

--

--
<- For Sale!

22 years ago by moshe doron — view source — reply

unread

the problem is also for 'regular' magic mode.
the addslashes add slashes anly when the slash follow by ''' or '"' or
'\' but on stripslashes it's nuke all the slashes without considering whats
came after that.

well, since magic mode could be corrupted if we handy playing with the string, e.g. adding slash into string, i wrong here. the only problem was the reported bug thats now fixed on the cvs. this fix also addslashes no matter sybase or not but still exist delte between sybase and regular mode regrading the way quotes are manipulating.

regrading the WTF factor, sincs add\strip slash function main, if not only, target is database related, caution on the documentation is enough. otherwise, u may want complatly fork php_slashes into php_magic, thats olso contains the check if magic mode set on.

22 years ago by moshe doron — view source — reply

unread

well, since magic mode could be corrupted if we handly playing with the string, e.g. adding slash into string, i wrong here. the only problem was the reported bug thats now fixed on the cvs. this fix also addslashes no matter sybase or not but still exist delte between sybase and regular mode regrading the way quotes are manipulating.

i must put disclaimer here: this can break scripts that used asdslashes with magic quotes off for sybase. on the other hand, leaving the code as it was, make the used of magic quotes usless for some situations (e.g u have forum for programers and the massages contains code with '\0') so this change may won't go into the PHP_4_3.

regrading the WTF factor, sincs add\strip slash function main, if not only, target is database related, caution on the documentation is enough. otherwise, u may want complatly fork php_slashes into php_magic, thats olso contains the check if magic mode set on.

this can be comprehend solution. i'm +1 for it.

22 years ago by moshe doron — view source — reply

unread

"Sander Roobol" sander@php.net wrote in message
news:20030331131228.GA2502@lxr...

could some1 explain the first if here (php_stripslashes:cybase mode)
http://lxr.php.net/source/php4/ext/standard/string.c#2324
that have nothing with slashes but with quotes?

Sybase escapes ' with '' and NUL with \0 so we needed a special
version of php_stripslashes().

ok stupid me, i didn't realized that php_*slashes are just intended to deal
with magic mode.

magic_quotes_sybase and php_stripslashes

Index: string.c