On Thu, 9 Feb 2006 9:55:57 -0600, phil <[EMAIL PROTECTED]> wrote:
>
> On Thu, 9 Feb 2006 14:48:17 +0100, Thomas -Balu- Walter
> <[EMAIL PROTECTED]> wrote:
>> On Thu, Feb 09, 2006 at 10:26:53AM -0300, Lic. Martin Marques wrote:
>>> On Thu, 9 Feb 2006, Thomas -Balu- Walter wrote:
>>> >If you tell people to switch that off, they might get problems with
>>> >other scripts.
>>>
>>> They can always have different settings for different directory definitions
>>> in the web server.
>>>
>>> As I said before, magic_quotes is a very bad thing, and security must
>>> come from the programmer, not an automatic quoter.
>>
>> I absolutely agree with you here. But the programmer should also make
>> his software user/admin friendly and I don't think the 5 lines
>> workaround needed to fix this problem are too much hassle for the
>> coder...
>>
>> You will have more problems telling website-"admins" (which usually
>> don't know a bit of webserver administration) to change a PHP setting -
>> just for this subdirectory - been there, done that ;).
>
> In drupal the distributed .htaccess has the following:
>
> # Override PHP settings. More exist in sites/default/settings.php, but
> # the following cannot be changed at runtime.
> <IfModule sapi_apache2.c>
> php_value magic_quotes_gpc 0
> php_value register_globals 0
> php_value session.auto_start 0
> </IfModule>

"...to disable magic quotes completely, without the need to adjust your php.ini file or (re)process the user's input. [...] in the .htaccess file, add a line"

php_flag magic_quotes_gpc off

http://us3.php.net/manual/en/security.magicquotes.php#61589

P

--
http://fak3r.com - you don't have to kick it
