[joomla] PHP magic_quotes_gpc

Scott Wolpow scott at wolpow.com
Sat Oct 24 17:02:43 EDT 2009


Having that exact problem with an import function for Adsmanager. Moved 
to PHP server and get this error.
Need to figure out how to fix this. Any ideas, Gary? :)

  PHP Fatal error:  Cannot use object of type stdClass as array in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 506, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Warning:  
copy([path]/administrator/components/com_adsmanager/impfiles/1-10-16-09wdn.xls) 
[<a href='function.copy'>function.copy</a>]: failed to open stream: 
Permission denied in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 358, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  4 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 397, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  5 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 398, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  9 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 405, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  14 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 412, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  15 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 413, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  16 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 414, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  17 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 416, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  18 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 418, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import
  PHP Notice:  Undefined offset:  19 in 
[path]/administrator/components/com_adsmanager/admin.adsmanager.php on 
line 420, referer: 
http://thewdn.com/administrator/index2.php?option=com_adsmanager&act=import

On 10/24/2009 4:39 PM, Gary Mort wrote:
> It's not a matter of version of Joomla, but rather philosophy of PHP 
> developers.
>
> Turning magic quotes on sanitizes variables automatically so they have 
> less potential for causing database injection attacks.
>
> Initially, this was suggested as "more secure" because it means the 
> programmer doesn't have to sanitize the data.
>
> Then the problem is that big apps[like Joomla] get installed on lots 
> of different platforms, so you can't count on it being turned on.
>
> What is worse, is that you have to use 2 different lines of code for 
> retrieving variables based on whether magic quotes is on or off.  So 
> when you have software which can be deployed on platforms you have no 
> control over, now one line of code has become 4, because you have to 
> do an if/else clause for every variable retrieval.
>
> So what was initially created to aid programmers in being lazy now 
> causes more work for programmers.  Hence programmers forced to do more 
> work inaccurately will say it is less secure because they're doing more 
> work.
>
> The long and the short of it is, magic quotes has no impact on server 
> security.  It's the PHP programming that will have that impact.
>
>
> On Sat, Oct 24, 2009 at 3:46 PM, David A. Roth 
> <davidalanroth at gmail.com> wrote:
>
>
>     So my big question for this wet Saturday afternoon is, should this be
>     OFF for all modern installations of Joomla, or it isn't a security
>     issue anymore?
>
>     Yes, I plan to upgrade all the Joomla web sites to the latest. I
>     presume the best way to do this is follow the chain of patches?
>
>
>
> Actually, no you can't upgrade from 1.0 to 1.5 - instead you migrate.  
> Depending on how many components you have this may or may not be painful.
>
> The way we did it recently was to create a dev snapshot of a 
> production system.
> Then installed the migrator component to export all the base joomla stuff.
>
> Then we created another dev site and installed 1.5 onto it, importing 
> the migration file during setup.
>
> Then we enabled the legacy mode plugin.  I copied over the tables for 
> some existing components[advanceSEF and Zoomgallery] and then 
> installed the latest versions of those components to the 1.5 site.
>
> We copied over the contents of the 1.0 templates directory and those 
> worked in 1.5 with legacy enabled.
>
> Then we updated the templates to 1.5 and turned off legacy mode.
>
> Finally once we were sure the site was correct, the dev site was 
> backed up and restored to production.
>

-- 
*Scott Wolpow*
*718.275.7765*
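
The per-variable if/else described in the quoted reply can be written once as a helper, with escaping left to bound parameters rather than to magic quotes. This is an added example, not code from the thread or from Joomla; `fetch_gpc()`, the `ads` table and the sample input are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the thread. fetch_gpc() and the ads table are hypothetical.

/**
 * Return a request value as the client sent it, whether or not
 * magic_quotes_gpc escaped it on the way in.
 */
function fetch_gpc(array $source, string $key, bool $magicQuotesOn): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    // The if/else from the thread, centralised instead of repeated per variable.
    return $magicQuotesOn ? stripslashes($source[$key]) : $source[$key];
}

// On a legacy server the flag would come from get_magic_quotes_gpc().
// It is passed in explicitly here so both cases run on a current PHP,
// where magic quotes no longer exist.

// Constructed input: the same form field as PHP would expose it under each setting.
$withMagicQuotes    = ['owner' => "O\\'Brien"]; // magic_quotes_gpc = On
$withoutMagicQuotes = ['owner' => "O'Brien"];   // magic_quotes_gpc = Off

$a = fetch_gpc($withMagicQuotes, 'owner', true);
$b = fetch_gpc($withoutMagicQuotes, 'owner', false);
var_dump($a === $b); // both platforms now yield the same raw value

// Escaping is the database driver's job: bind the raw value as a parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, owner TEXT)');

$insert = $db->prepare('INSERT INTO ads (owner) VALUES (:owner)');
$insert->execute([':owner' => $a]);

// The value stored from the "magic quotes on" request is found again by
// the "magic quotes off" request: no stray backslashes, no string-built SQL.
$select = $db->prepare('SELECT COUNT(*) FROM ads WHERE owner = :owner');
$select->execute([':owner' => $b]);
var_dump((int) $select->fetchColumn() === 1);
```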


