yidas / magic-quotes
Implement magic_quotes_gpc on PHP 5.4 above version for legacy code
Installs: 94
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Type:project
pkg:composer/yidas/magic-quotes
This package is auto-updated.
Last update: 2019-02-20 19:29:21 UTC
README
Implement magic_quotes_gpc on PHP 5.4 later version for legacy code
If you are migrating legacy source code to the enviorment with PHP version 5.4 above, but including lots of vulnerable DB query codes depending on Magic Quotes magic_quotes_gpc SQL protection. Just use this to run smoothly on new version PHP like old time.
As PHP's Warning for Magic Quotes:
Magic Quotes feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
DEMONSTRATION
print_r($_GET); MagicQuotesGpc::init(); print_r($_GET);
After visiting URL with query ?username=1' OR '1'='1, and the output will be:
Array ( [username] => 1' OR '1'='1 )
Array ( [username] => 1\' OR \'1\'=\'1 )
Recursive Input Data Concern
The recursive data input from $_POST, $_COOKIE even $_GET will be handled also:
$_POST['users'][0] = ['username'=>"1' OR '1'='1"]; print_r($_POST); MagicQuotesGpc::init(); print_r($_POST);
After simulating $_POST data assignment, the output will be:
Array ( [users] => Array ( [0] => Array ( [username] => 1' OR '1'='1 ) ) )
Array ( [users] => Array ( [0] => Array ( [username] => 1\' OR \'1\'=\'1 ) ) )
INSTALLATION
Install via Composer
Run Composer in your legacy project:
composer require yidas/magic-quotes
Then initialize it at the bootstrap of application such as config file:
require __DIR__ . '/vendor/autoload.php'; MagicQuotesGpc::init();
Install Directly by Loading Class
Load the MagicQuotesGpc.php and initialize it:
require __DIR__ . '/MagicQuotesGpc.php'; MagicQuotesGpc::init();