About magic_quote_gpc

Next topic

Author	Message
M B	Monday 22 January 2007 2:08:15 am Hello, Why do you advice users to disable magic_quote_gpc in the finetune section ? I have the feeling that you give highest priority to performance than to security. Am I wrong ? Thanx for your answer. M
Michael Maclean	Monday 22 January 2007 9:06:55 am I believe eZ publish is written assuming that magic_quotes_gpc is off, because it is not ever guaranteed to be there. If it is found to be on, eZ will remove the slashes automatically (see line 124 in lib/ezutils/classes/ezsys.php if you're interested). This will cause a performance hit. Magic quotes is generally seen to be a bad idea, in fact it will be removed along with safe mode in PHP6: http://www.corephp.co.uk/archives/19-Prepare-for-PHP-6.html eZpedia community documentation project \| http://ezpedia.org

Author

Message

Monday 22 January 2007 2:08:15 am

Hello,

Why do you advice users to disable magic_quote_gpc in the finetune section ? I have the feeling that you give highest priority to performance than to security. Am I wrong ?

Thanx for your answer.
M

Michael Maclean

Monday 22 January 2007 9:06:55 am

I believe eZ publish is written assuming that magic_quotes_gpc is off, because it is not ever guaranteed to be there. If it is found to be on, eZ will remove the slashes automatically (see line 124 in lib/ezutils/classes/ezsys.php if you're interested). This will cause a performance hit. Magic quotes is generally seen to be a bad idea, in fact it will be removed along with safe mode in PHP6: http://www.corephp.co.uk/archives/19-Prepare-for-PHP-6.html

eZpedia community documentation project | http://ezpedia.org