About magic_quote_gpc

Author Message

M B

Monday 22 January 2007 2:08:15 am

Hello,

Why do you advice users to disable magic_quote_gpc in the finetune section ? I have the feeling that you give highest priority to performance than to security. Am I wrong ?

Thanx for your answer.
M

Michael Maclean

Monday 22 January 2007 9:06:55 am

I believe eZ publish is written assuming that magic_quotes_gpc is off, because it is not ever guaranteed to be there. If it is found to be on, eZ will remove the slashes automatically (see line 124 in lib/ezutils/classes/ezsys.php if you're interested). This will cause a performance hit. Magic quotes is generally seen to be a bad idea, in fact it will be removed along with safe mode in PHP6: http://www.corephp.co.uk/archives/19-Prepare-for-PHP-6.html

eZpedia community documentation project | http://ezpedia.org

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.