PHP.ini setting breaks Nuke Treasury, themes and more

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

After a significant effort, I discovered a PHP setting that prevents Nuke Treasury and many themes (among possibly many other things) from working correctly. What does Nuke Treasury have in common with themes, you ask?

Well, they both use this approach (taken from the Nuke Treasury block-Donat-o-Meter.php) for allowing formatting changes using standard html:

Code:

   $tmpl_file = "modules/Donations/Donatometer.html";


//   $thefile = implode('', file($tmpl_file));


//   $thefile = addslashes($thefile);


   $thefile = addslashes(file_get_contents($tmpl_file));


   $thefile = "\$r_file=\"".$thefile."\";";


   eval("$thefile");


   $content = $r_file;

Please note that using an eval statement to replace PHP variables in standard HTML is not limited to PHP-Nuke (how much really IS unique in PHP-Nuke--but I digress).

Please also note that I replaced the implode + file functions with the single file_get_contents function - a new function added in 4.3.0 that alledgedly performs more efficiently than the combined implode+file functions.

Getting to the point: Which PHP.ini setting breaks this? magic_quotes_sybase

From Only registered users can see links on this board! Get registered or login!:

Quote:

An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted. Having the PHP directive magic_quotes_sybase set to on will mean ' is instead escaped with another '.

Since addslashes is usually used for a reason, you must turn off this setting in order for the eval function to work properly. In PHP-Nuke, I did this by adding this statement to mainfile.php (somewhere near the top is fine):

Code:

   ini_set ('magic_quotes_sybase', 0);

Hopefully, someone else will benefit from my suffering...

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

If I may chime in here, this is nothing unique to eval(). magic_quotes has been both the bane and the admiration to developers. Much has been written cautioning the use and exposing the hazards! If you can't get your host to do this at the php.ini level, and if you are running Apache, add these lines to a .htaccess file at the root folder level. That way you don't have to worry for any script!

Code:




php_flag magic_quotes_gpc     On


php_flag magic_quotes_runtime Off


php_flag magic_quotes_sybase  Off

Posted: Sat Aug 27, 2005 6:29 am

Have you ever seen _sybase turned on at the host level? I can't imagine ANY good reason for doing that. I think we should add ini_set statements for these 3 in the mainfile and be done with it...

Posted: Sat Aug 27, 2005 6:35 am

To be honest with you, no I haven't. I surely don't for my clients.

Posted: Sat Aug 27, 2005 7:17 am

I was helping one of the visitors here and found that. I believe the host is in the UK. Only _sybase was turned on...strange.

Unfortunately, I found few references about this (one of the reasons it took so long to resolve), but hoped my post might make it easier for others (hopefully very few) who have this issue.