[MDL-7668] Broken handling of magic quotes in admin settings and set_config in general - Moodle Tracker

XML

Word

Printable

Details

Type: Sub-task
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7
Fix Version/s: 1.7.1, 1.8
Component/s: Administration
Labels:
None

Affected Branches:
MOODLE_17_STABLE
Fixed Branches:
MOODLE_17_STABLE, MOODLE_18_STABLE

Description

The problem is that there is no policy on quoting of data supplied to set_config() function. In either case it is broken, if the magic quotes are used the storage into db is ok, but the current value in $CFG->xx is updated incorrectly; if the value is not slashed it can not be stored into database.

The problem with admin settings is that the defaults values are sent into set_config() without magic quotes applied, but data submitted from user are with magic quotes.

Solution is to require values for set_config() to be unslashed and fix admin settings to strip the slashes from user submitted data.

working on a patch for 1.7.x and 1.8...

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

setconfig_quotes.patch
5 kB
24/Nov/06 3:36 PM

Activity

People

Assignee:: Petr Skoda

Reporter:: Petr Skoda

Tester:: Nobody

Participants:: Martin Dougiamas, Petr Skoda

Component watchers:: Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Nov/06 1:02 PM

Updated:: 17/Dec/10 9:21 PM

Resolved:: 28/Nov/06 12:56 AM

Fix Release Date:: 17/Jan/07