* MediaWiki now requires PHP's iconv extension. openSUSE users may need to
install the php5-iconv package. Users of other systems may need to add
extension=iconv.so to php.ini or recompile PHP without --without-iconv.
+* MediaWiki will no longer function if magic quotes are enabled. It has
+ been deprecated for 5 years now, and was removed in PHP 5.4.
* The server's canonical hostname is available as $wgServerName, which is
exposed in both mw.config and ApiQuerySiteInfo.
* Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
/**
* The WebRequest class encapsulates getting at data passed in the
- * URL or via a POSTed form, handling remove of "magic quotes" slashes,
- * stripping illegal input characters and normalizing Unicode sequences.
+ * URL or via a POSTed form stripping illegal input characters and
+ * normalizing Unicode sequences.
*
* Usually this is used via a global singleton, $wgRequest. You should
* not create a second WebRequest object; make a FauxRequest object if
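Review bot: The rewritten sentence in the class docblock lost the comma that separated its two clauses, so it now reads as "a POSTed form stripping illegal input characters". Keeping the comma restores the intended meaning: `* URL or via a POSTed form, stripping illegal input characters and`. The docblock continues past the end of this hunk.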
protected $protocol;
public function __construct() {
- /// @todo FIXME: This preemptive de-quoting can interfere with other web libraries
- /// and increases our memory footprint. It would be cleaner to do on
- /// demand; but currently we have no wrapper for $_SERVER etc.
- $this->checkMagicQuotes();
+ if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
+ throw new MWException( "MediaWiki does not function when magic quotes are enabled." );
+ }
// POST overrides GET data
// We don't use $_REQUEST here to avoid interference from cookies...
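Review bot: The new guard in `__construct()` tests only `get_magic_quotes_gpc()`, while the installer check changed in the same commit also rejects `magic_quotes_runtime` and `magic_quotes_sybase`. A wiki that is upgraded without re-running the installer would therefore be stopped at request time for the gpc setting only. If that is intentional, a short comment would record it, e.g. `// Request data is only altered by magic_quotes_gpc; the installer checks runtime and sybase.` The exception text also does not name the directive an administrator has to change; consider `"MediaWiki does not function when magic quotes are enabled. Disable magic_quotes_gpc in php.ini."`. The constructor body continues outside the hunk.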
return array();
}
- /**
- * Recursively strips slashes from the given array;
- * used for undoing the evil that is magic_quotes_gpc.
- *
- * @param array $arr will be modified
- * @param bool $topLevel Specifies if the array passed is from the top
- * level of the source. In PHP5 magic_quotes only escapes the first level
- * of keys that belong to an array.
- * @return array The original array
- * @see http://www.php.net/manual/en/function.get-magic-quotes-gpc.php#49612
- */
- private function &fix_magic_quotes( &$arr, $topLevel = true ) {
- $clean = array();
- foreach ( $arr as $key => $val ) {
- if ( is_array( $val ) ) {
- $cleanKey = $topLevel ? stripslashes( $key ) : $key;
- $clean[$cleanKey] = $this->fix_magic_quotes( $arr[$key], false );
- } else {
- $cleanKey = stripslashes( $key );
- $clean[$cleanKey] = stripslashes( $val );
- }
- }
- $arr = $clean;
- return $arr;
- }
-
- /**
- * If magic_quotes_gpc option is on, run the global arrays
- * through fix_magic_quotes to strip out the stupid slashes.
- * WARNING: This should only be done once! Running a second
- * time could damage the values.
- */
- private function checkMagicQuotes() {
- $mustFixQuotes = function_exists( 'get_magic_quotes_gpc' )
- && get_magic_quotes_gpc();
- if ( $mustFixQuotes ) {
- $this->fix_magic_quotes( $_COOKIE );
- $this->fix_magic_quotes( $_ENV );
- $this->fix_magic_quotes( $_GET );
- $this->fix_magic_quotes( $_POST );
- $this->fix_magic_quotes( $_REQUEST );
- $this->fix_magic_quotes( $_SERVER );
- }
- }
-
/**
* Recursively normalizes UTF-8 strings in the given array.
*
'envCheckRegisterGlobals',
'envCheckBrokenXML',
'envCheckMagicQuotes',
- 'envCheckMagicSybase',
'envCheckMbstring',
'envCheckSafeMode',
'envCheckXML',
}
/**
- * Environment check for magic_quotes_runtime.
+ * Environment check for magic_quotes_(gpc|runtime|sybase).
* @return bool
*/
protected function envCheckMagicQuotes() {
- if ( wfIniGetBool( "magic_quotes_runtime" ) ) {
- $this->showError( 'config-magic-quotes-runtime' );
-
- return false;
- }
-
- return true;
- }
-
- /**
- * Environment check for magic_quotes_sybase.
- * @return bool
- */
- protected function envCheckMagicSybase() {
- if ( wfIniGetBool( 'magic_quotes_sybase' ) ) {
- $this->showError( 'config-magic-quotes-sybase' );
-
- return false;
+ $status = true;
+ foreach ( array( 'gpc', 'runtime', 'sybase' ) as $magicJunk ) {
+ if ( wfIniGetBool( "magic_quotes_$magicJunk" ) ) {
+ $this->showError( "config-magic-quotes-$magicJunk" );
+ $status = false;
+ }
}
- return true;
+ return $status;
}
/**
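Review bot: The message keys in `envCheckMagicQuotes()` are now assembled at run time from `"config-magic-quotes-$magicJunk"`, so searching the code for `config-magic-quotes-gpc` no longer finds where it is used, and a later cleanup of unused messages could drop the strings. A comment above the loop listing the keys keeps them discoverable: `// Messages: config-magic-quotes-gpc, config-magic-quotes-runtime, config-magic-quotes-sybase`. The loop variable `$magicJunk` could also take a neutral name such as `$setting`.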
"config-outdated-sqlite": "<strong>Warning:</strong> you have SQLite $1, which is lower than minimum required version $2. SQLite will be unavailable.",
"config-no-fts3": "<strong>Warning:</strong> SQLite is compiled without the [//sqlite.org/fts3.html FTS3 module], search features will be unavailable on this backend.",
"config-register-globals-error": "<strong>Error: PHP's <code>[http://php.net/register_globals register_globals]</code> option is enabled.\nIt must be disabled to continue with the installation.</strong>\nSee [https://www.mediawiki.org/wiki/register_globals https://www.mediawiki.org/wiki/register_globals] for help on how to do so.",
+ "config-magic-quotes-gpc": "<strong>Fatal: [http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc magic_quotes_gpc] is active!</strong>\nThis option corrupts data input unpredictably.\nYou cannot install or use MediaWiki unless this option is disabled.",
"config-magic-quotes-runtime": "<strong>Fatal: [http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-runtime magic_quotes_runtime] is active!'</strong>\nThis option corrupts data input unpredictably.\nYou cannot install or use MediaWiki unless this option is disabled.",
"config-magic-quotes-sybase": "<strong>Fatal: [http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-sybase magic_quotes_sybase] is active!</strong>\nThis option corrupts data input unpredictably.\nYou cannot install or use MediaWiki unless this option is disabled.",
"config-mbstring": "<strong>Fatal: [http://www.php.net/manual/en/ref.mbstring.php#mbstring.overload mbstring.func_overload] is active!</strong>\nThis option causes errors and may corrupt data unpredictably.\nYou cannot install or use MediaWiki unless this option is disabled.",
"config-outdated-sqlite": "Used as warning. Parameters:\n* $1 - the version of SQLite that has been installed\n* $2 - minimum version",
"config-no-fts3": "A \"[[:wikipedia:Front and back ends|backend]]\" is a system or component that ordinary users don't interact with directly and don't need to know about, and that is responsible for a distinct task or service - for example, a storage back-end is a generic system for storing data which other applications can use. Possible alternatives for back-end are \"system\" or \"service\", or (depending on context and language) even leave it untranslated.",
"config-register-globals-error": "Error message in the MediaWiki installer environment checks.",
+ "config-magic-quotes-gpc": "{{Related|Config-fatal}}",
"config-magic-quotes-runtime": "{{Related|Config-fatal}}",
"config-magic-quotes-sybase": "{{Related|Config-fatal}}",
"config-mbstring": "{{Related|Config-fatal}}",