yidas/magic-quotes

This package is abandoned and no longer maintained. The author suggests using the yidas/magic-quotes-gpc package instead.

Implement magic_quotes_gpc on PHP 5.4 above version for legacy code

1.1.0 2018-03-24 07:29 UTC

This package is auto-updated.

Last update: 2019-02-20 19:29:21 UTC


README

Implement magic_quotes_gpc on PHP 5.4 later version for legacy code

Latest Stable Version Latest Unstable Version License

If you are migrating legacy source code to the enviorment with PHP version 5.4 above, but including lots of vulnerable DB query codes depending on Magic Quotes magic_quotes_gpc SQL protection. Just use this to run smoothly on new version PHP like old time.

As PHP's Warning for Magic Quotes:

Magic Quotes feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

DEMONSTRATION

print_r($_GET);
MagicQuotesGpc::init();
print_r($_GET);

After visiting URL with query ?username=1' OR '1'='1, and the output will be:

Array ( [username] => 1' OR '1'='1 ) 
Array ( [username] => 1\' OR \'1\'=\'1 )

Recursive Input Data Concern

The recursive data input from $_POST, $_COOKIE even $_GET will be handled also:

$_POST['users'][0] = ['username'=>"1' OR '1'='1"];
print_r($_POST);
MagicQuotesGpc::init();
print_r($_POST);

After simulating $_POST data assignment, the output will be:

Array ( [users] => Array ( [0] => Array ( [username] => 1' OR '1'='1 ) ) ) 
Array ( [users] => Array ( [0] => Array ( [username] => 1\' OR \'1\'=\'1 ) ) )

INSTALLATION

Install via Composer

Run Composer in your legacy project:

composer require yidas/magic-quotes

Then initialize it at the bootstrap of application such as config file:

require __DIR__ . '/vendor/autoload.php';
MagicQuotesGpc::init();

Install Directly by Loading Class

Load the MagicQuotesGpc.php and initialize it:

require __DIR__ . '/MagicQuotesGpc.php';
MagicQuotesGpc::init();