yidas / magic-quotes
Implement magic_quotes_gpc on PHP 5.4 above version for legacy code
Installs: 89
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Type:project
This package is auto-updated.
Last update: 2019-02-20 19:29:21 UTC
README
Implement magic_quotes_gpc on PHP 5.4 later version for legacy code
If you are migrating legacy source code to the enviorment with PHP version 5.4 above, but including lots of vulnerable DB query codes depending on Magic Quotes magic_quotes_gpc
SQL protection. Just use this to run smoothly on new version PHP like old time.
As PHP's Warning for Magic Quotes:
Magic Quotes feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
DEMONSTRATION
print_r($_GET); MagicQuotesGpc::init(); print_r($_GET);
After visiting URL with query ?username=1' OR '1'='1
, and the output will be:
Array ( [username] => 1' OR '1'='1 )
Array ( [username] => 1\' OR \'1\'=\'1 )
Recursive Input Data Concern
The recursive data input from $_POST
, $_COOKIE
even $_GET
will be handled also:
$_POST['users'][0] = ['username'=>"1' OR '1'='1"]; print_r($_POST); MagicQuotesGpc::init(); print_r($_POST);
After simulating $_POST
data assignment, the output will be:
Array ( [users] => Array ( [0] => Array ( [username] => 1' OR '1'='1 ) ) )
Array ( [users] => Array ( [0] => Array ( [username] => 1\' OR \'1\'=\'1 ) ) )
INSTALLATION
Install via Composer
Run Composer in your legacy project:
composer require yidas/magic-quotes
Then initialize it at the bootstrap of application such as config
file:
require __DIR__ . '/vendor/autoload.php'; MagicQuotesGpc::init();
Install Directly by Loading Class
Load the MagicQuotesGpc.php
and initialize it:
require __DIR__ . '/MagicQuotesGpc.php'; MagicQuotesGpc::init();