diff --git a/include/application.php b/include/application.php
index ff66bca..bf6fa47 100644
--- a/include/application.php
+++ b/include/application.php
@@ -450,10 +450,7 @@ class Application {
echo '
| Application description | ',"\n";
echo ' |
',"\n";
- else
- echo $this->sDescription.'',"\n";
+ echo $this->sDescription.'',"\n";
echo "\n";
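Review bot: The now-unconditional `echo $this->sDescription.''` writes the description into the page without HTML escaping; elsewhere in this commit sDescription is filled from `makeSafe($_REQUEST['appDescription'])`, which the incl.php text describes as SQL escaping, not output encoding, so markup stored in a description would presumably be rendered as-is. Emit it as `echo htmlspecialchars($this->sDescription, ENT_QUOTES), "\n";` (or the project's own HTML-escaping helper if one exists), and do the same in the matching hunk of include/version.php. The `if` whose `else` this hunk drops, and the enclosing display method, start outside the hunk, so whether the description should print on both branches cannot be confirmed from here.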
@@ -505,25 +502,13 @@ class Application {
$aClean['appWebpage'] = makeSafe($_REQUEST['appWebpage']);
$aClean['appKeywords'] = makeSafe($_REQUEST['appKeywords']);
- if(get_magic_quotes_gpc())
- {
- $this->iAppId = stripslashes($aClean['appId']);
- $this->sName = stripslashes($aClean['appName']);
- $this->sDescription = stripslashes($aClean['appDescription']);
- $this->iCatId = stripslashes($aClean['appCatId']);
- $this->iVendorId = stripslashes($aClean['appVendorId']);
- $this->sWebpage = stripslashes($aClean['appWebpage']);
- $this->sKeywords = stripslashes($aClean['appKeywords']);
- } else
- {
- $this->iAppId = $aClean['appId'];
- $this->sName = $aClean['appName'];
- $this->sDescription = $aClean['appDescription'];
- $this->iCatId = $aClean['appCatId'];
- $this->iVendorId = $aClean['appVendorId'];
- $this->sWebpage = $aClean['appWebpage'];
- $this->sKeywords = $aClean['appKeywords'];
- }
+ $this->iAppId = $aClean['appId'];
+ $this->sName = $aClean['appName'];
+ $this->sDescription = $aClean['appDescription'];
+ $this->iCatId = $aClean['appCatId'];
+ $this->iVendorId = $aClean['appVendorId'];
+ $this->sWebpage = $aClean['appWebpage'];
+ $this->sKeywords = $aClean['appKeywords'];
}
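Review bot: The integer-valued fields assigned on the new side, `$this->iAppId`, `$this->iCatId` and `$this->iVendorId`, take whatever string makeSafe returns rather than a validated integer, so a non-numeric request value reaches the object (and presumably the query built from it) unchanged. Casting at the boundary, `$this->iAppId = (int) $aClean['appId'];` and likewise for iCatId and iVendorId, makes the id fields match their names and stops relying on string escaping alone for numeric columns. The same applies to iDistributionId in include/distributions.php, to iTestingId/iVersionId/iDistributionId in include/testResults.php and to iAppId/iVersionId in include/version.php. The method these assignments belong to starts outside the hunk, so I cannot tell whether a missing request key is handled before makeSafe is called.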
/* display this application */
diff --git a/include/distributions.php b/include/distributions.php
index cb4fdc7..4cd073a 100644
--- a/include/distributions.php
+++ b/include/distributions.php
@@ -367,17 +367,9 @@ class distribution{
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sUrl'] = makeSafe($_REQUEST['sUrl']);
- if(get_magic_quotes_gpc())
- {
- $this->iDistributionId = stripslashes($aClean['iDistributionId']);
- $this->sName = stripslashes($aClean['sName']);
- $this->sUrl = stripslashes($aClean['sUrl']);
- } else
- {
- $this->iDistributionId = $aClean['iDistributionId'];
- $this->sName = $aClean['sName'];
- $this->sUrl = $aClean['sUrl'];
- }
+ $this->iDistributionId = $aClean['iDistributionId'];
+ $this->sName = $aClean['sName'];
+ $this->sUrl = $aClean['sUrl'];
}
}
diff --git a/include/incl.php b/include/incl.php
index f4a7ebf..afa3639 100644
--- a/include/incl.php
+++ b/include/incl.php
@@ -13,6 +13,27 @@ require(BASE."include/menu.php");
require(BASE."include/html.php");
require(BASE."include/db.php");
+/* if magic quotes are enabled make sure the user disables them */
+/* otherwise they will see all kinds of odd effects that are difficult */
+/* to track down */
+if(get_magic_quotes_gpc())
+{
+ echo "Please disable the magic quotes GPC PHP setting. See this page for more information
";
+ echo "AppDB php code assumes magic quotes are disabled.
";
+ echo "Magic quotes are a bad idea for a few reasons.
";
+ echo "First is that php calls addslashes() on all \$_POST, \$_REQUEST and cookie variables ";
+ echo "if magic quotes is enabled. ";
+ echo "Ooooooh you say.
";
+ echo "\"Aren't magic quotes a convienent way to protect my php code from sql injection attacks?\"
";
+ echo "No! addslashes() isn't adequate. You should use mysql_real_escape_string() or some other function";
+ echo " that will handle multi-byte characters. See this article";
+ echo " for a way to exploit addslash()ed parameters.
";
+ echo "A second reason is that with magic quotes enabled, due to the use of mysql_real_escape_string() to";
+ echo " protect from sql injection attacks we'll end up with variables that have been addslash()ed and";
+ echo " mysql_real_escape_string()ed. So you end up having to call stripslashes() on EVERY variable. ";
+ exit;
+}
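Review bot: `get_magic_quotes_gpc()` was deprecated in PHP 7.4 and removed in 8.0, so this bootstrap guard fatals on those releases instead of passing; writing it as `if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())` keeps it useful on old PHP and harmless on new. The misconfiguration is reported with plain echoes and a normal 200 response, so sending an error status before the text, `header('HTTP/1.1 500 Internal Server Error');`, would let monitoring and uptime checks notice a broken deployment rather than serve the explanation as a page. The echoed text also has a typo, `convienent` for `convenient`.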
+
// create arrays
$sidebar_func_list = array();
$help_list = array();
diff --git a/include/testResults.php b/include/testResults.php
index dc1bfd2..b782e3a 100644
--- a/include/testResults.php
+++ b/include/testResults.php
@@ -574,35 +574,18 @@ class testData{
$aClean['sTestedRating'] = makeSafe($_REQUEST['sTestedRating']);
$aClean['sComments'] = makeSafe($_REQUEST['sComments']);
- if(get_magic_quotes_gpc())
- {
- $this->iTestingId = stripslashes($aClean['iTestingId']);
- $this->iVersionId = stripslashes($aClean['iVersionId']);
- $this->sWhatWorks = stripslashes($aClean['sWhatWorks']);
- $this->sWhatDoesnt = stripslashes($aClean['sWhatDoesnt']);
- $this->sWhatNotTested = stripslashes($aClean['sWhatNotTested']);
- $this->sTestedDate = stripslashes($aClean['sTestedDate']);
- $this->iDistributionId = stripslashes($aClean['iDistributionId']);
- $this->sTestedRelease = stripslashes($aClean['sTestedRelease']);
- $this->sInstalls = stripslashes($aClean['sInstalls']);
- $this->sRuns = stripslashes($aClean['sRuns']);
- $this->sTestedRating = stripslashes($aClean['sTestedRating']);
- $this->sComments = stripslashes($aClean['sComments']);
- } else
- {
- $this->iTestingId = $aClean['iTestingId'];
- $this->iVersionId = $aClean['iVersionId'];
- $this->sWhatWorks = $aClean['sWhatWorks'];
- $this->sWhatDoesnt = $aClean['sWhatDoesnt'];
- $this->sWhatNotTested = $aClean['sWhatNotTested'];
- $this->sTestedDate = $aClean['sTestedDate'];
- $this->iDistributionId = $aClean['iDistributionId'];
- $this->sTestedRelease = $aClean['sTestedRelease'];
- $this->sInstalls = $aClean['sInstalls'];
- $this->sRuns = $aClean['sRuns'];
- $this->sTestedRating = $aClean['sTestedRating'];
- $this->sComments = $aClean['sComments'];
- }
+ $this->iTestingId = $aClean['iTestingId'];
+ $this->iVersionId = $aClean['iVersionId'];
+ $this->sWhatWorks = $aClean['sWhatWorks'];
+ $this->sWhatDoesnt = $aClean['sWhatDoesnt'];
+ $this->sWhatNotTested = $aClean['sWhatNotTested'];
+ $this->sTestedDate = $aClean['sTestedDate'];
+ $this->iDistributionId = $aClean['iDistributionId'];
+ $this->sTestedRelease = $aClean['sTestedRelease'];
+ $this->sInstalls = $aClean['sInstalls'];
+ $this->sRuns = $aClean['sRuns'];
+ $this->sTestedRating = $aClean['sTestedRating'];
+ $this->sComments = $aClean['sComments'];
}
diff --git a/include/version.php b/include/version.php
index 30bf6bc..9a31a00 100644
--- a/include/version.php
+++ b/include/version.php
@@ -552,13 +552,7 @@ class Version {
echo '| Version description | ',"\n";
echo ' |
',"\n";
- else
- echo $this->sDescription.'',"\n";
+ echo $this->sDescription.'',"\n";
echo '',"\n";
@@ -612,23 +606,12 @@ class Version {
$aClean['maintainer_rating'] = makeSafe($_REQUEST['maintainer_rating']);
$aClean['maintainer_release'] = makeSafe($_REQUEST['maintainer_release']);
- if(get_magic_quotes_gpc())
- {
- $this->iAppId = stripslashes($aClean['appId']);
- $this->iVersionId = stripslashes($aClean['versionId']);
- $this->sName = stripslashes($aClean['versionName']);
- $this->sDescription = stripslashes($aClean['versionDescription']);
- $this->sTestedRating = stripslashes($aClean['maintainer_rating']);
- $this->sTestedRelease = stripslashes($aClean['maintainer_release']);
- } else
- {
- $this->iAppId = $aClean['appId'];
- $this->iVersionId = $aClean['versionId'];
- $this->sName = $aClean['versionName'];
- $this->sDescription = $aClean['versionDescription'];
- $this->sTestedRating = $aClean['maintainer_rating'];
- $this->sTestedRelease = $aClean['maintainer_release'];
- }
+ $this->iAppId = $aClean['appId'];
+ $this->iVersionId = $aClean['versionId'];
+ $this->sName = $aClean['versionName'];
+ $this->sDescription = $aClean['versionDescription'];
+ $this->sTestedRating = $aClean['maintainer_rating'];
+ $this->sTestedRelease = $aClean['maintainer_release'];
}
function display()