Actions

Difference between revisions of "Magic quotes and security"

From Joomla! Documentation

(Remove stuff about magic quotes being good ...........)
 
Line 1: Line 1:
 +
{{version|2.5,3.x}}
 
'''''This PHP feature has been depreciated as of PHP 5.3.0 (30-06-2009) and has been removed from php as of PHP 5.4.0.'''''
 
'''''This PHP feature has been depreciated as of PHP 5.3.0 (30-06-2009) and has been removed from php as of PHP 5.4.0.'''''
  

Latest revision as of 19:09, 1 September 2013

This PHP feature has been depreciated as of PHP 5.3.0 (30-06-2009) and has been removed from php as of PHP 5.4.0.

Joomla! 3.0 and above requires magic_quotes_gpc to be set to off and will not install if magic_quotes_gpc is on.
Joomla! advises magic_quotes_gpc to be set to off when using Joomla 2.5.xx.

JRequest automatically takes into account the setting of magic_quotes_gpc and adjusts accordingly. If developers are using JRequest to request input then the actual value of the setting doesn't matter. If developers aren't using it then they will have to take the setting of magic_quotes_gpc into account (for this reason it is still common practice for developers to use JRequest in Joomla 2.5 - even though it is deprecated).

JInput does not take this into account, however due to Joomla 3.x and higher requiring that magic quotes are disabled - this is no longer a problem.

For more on PHP Manual, Chapter 31. Magic Quotes.