PHP7.4 and WebERP 14.5.1
04-10-2020, 05:36 AM,
#1
Although get_magic_quotes_gpc() was deprecated before, the function was removed in the 7.4 release.

Is it possible to patch the code, since I can only find three references to the function?

I attempted to patch the code with the following but was not successful.

I removed the following code at line 22 in login.php.
PHP Code:
if (get_magic_quotes_gpc()){
    echo '<p style="background:white">';
    echo _('Your webserver is configured to enable Magic Quotes. This may cause problems if you use punctuation (such as quotes) when doing data entry. You should contact your webmaster to disable Magic Quotes');
    echo '</p>';
}

I edited the following code in session.php starting at lines 62 and 71 as stated below.
PHP Code:
if (gettype($PostVariableValue) != 'array') {
    if (get_magic_quotes_gpc()) {
        $_POST['name'] = stripslashes($_POST['name']);
    }

    $_POST[$PostVariableName] = DB_escape_string(htmlspecialchars($PostVariableValue,ENT_QUOTES,'UTF-8'));
} else {
    foreach ($PostVariableValue as $PostArrayKey => $PostArrayValue) {
        if (get_magic_quotes_gpc()) {
            $PostVariableValue[$PostArrayKey] = stripslashes($value[$PostArrayKey]);
        }
        $_POST[$PostVariableName][$PostArrayKey] = DB_escape_string(htmlspecialchars($PostArrayValue,ENT_QUOTES,'UTF-8'));
    }
}
The edited code is exhibited below.
PHP Code:
if (gettype($PostVariableValue) != 'array') {
    /*    if(get_magic_quotes_gpc()) {
                $_POST['name'] = stripslashes($_POST['name']);
            }
    */
    $_POST['name'] = quote_smart($_POST['name']);
    $_POST[$PostVariableName] = DB_escape_string(htmlspecialchars($PostVariableValue, ENT_QUOTES, 'UTF-8'));
} else {
    foreach ($PostVariableValue as $PostArrayKey => $PostArrayValue) {
        /*
         if(get_magic_quotes_gpc()) {
            $PostVariableValue[$PostArrayKey] = stripslashes($value[$PostArrayKey]);
            }
        */
        $PostVariableValue[$PostArrayKey] = quote_smart($value[$PostArrayKey]);
        $_POST[$PostVariableName][$PostArrayKey] = DB_escape_string(htmlspecialchars($PostArrayValue, ENT_QUOTES, 'UTF-8'));
    }
}
The new function quote_smart resides at line 324 in session.php.
PHP Code:
function quote_smart($value)
{
    // Stripslashes
    if (phpversion() < "5.3") {
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
    }
    // Quote if not integer
    if (!is_numeric($value)) {
        global $db;
        $value = "'" . mysqli_real_escape_string($value, $db) . "'";
    }
    return $value;
}

The error raised is:
ERROR Report : Security settings have not been defined for your user account. Please advise your system administrator. It could also be that there is a session problem with your PHP web server

The DisplayDateTime function is now undefined; a note in the code indicates that this issue was foreseen but not attended to until now.

Thanks in advance.

Regards



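One way to keep the session.php sanitising loop running on PHP 7.4 without calling get_magic_quotes_gpc(), as an added example that is not part of the original post and is not webERP's own code. The names magic_quotes_active() and sanitize_value() are hypothetical, the input array is constructed, and addslashes stands in for webERP's DB_escape_string() so the script runs without a database.

```php
<?php
// Added example, not webERP code. Function names here are hypothetical.

// True only on runtimes where magic quotes can still be switched on.
function magic_quotes_active()
{
    // version_compare() compares version strings segment by segment.
    // On PHP 5.4 and later the first test fails, so the deprecated
    // get_magic_quotes_gpc() is never called.
    return version_compare(PHP_VERSION, '5.4.0', '<')
        && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();
}

// Sanitise one POST value; arrays are handled recursively, key by key.
// $escape is the database escaping callable (DB_escape_string in webERP).
function sanitize_value($value, $escape)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = sanitize_value($item, $escape);
        }
        return $clean;
    }
    if (magic_quotes_active()) {
        $value = stripslashes($value);
    }
    // Same order as session.php: HTML-encode, then escape for the database.
    return call_user_func($escape, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input standing in for $_POST.
$post = array(
    'name'  => "O'Brien <admin>",
    'items' => array('5" disk', 'back\\slash'),
);

// Assumption: addslashes stands in for DB_escape_string so this runs
// without a database connection.
foreach ($post as $name => $value) {
    $post[$name] = sanitize_value($value, 'addslashes');
}
print_r($post);
```

The helper returns the escaped string without surrounding quotes, so the result can be stored back into $_POST the same way the existing DB_escape_string(htmlspecialchars(...)) lines do.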