By richard-1 on

Hi,

I installed 4.3.1 beside 4.3.0 and preserved my includes/conf.php. The installs were each in their own directory. Operation appeared fine except the addition of the "you must set magic_quotes_gpc = 0" error at the top of each rendered page.

Hmmm, . . .

Try it from 4.3.0/ - no error.

try it from 4.3.1/ - error.

Hmmm, . . . okay. try it again, same results. "Must be an ID-10-T error," I say to myself. Check /etc/php.ini, "magic_quotes_gpc = off", okay, try '0' rather than 'off'. Try again, no joy.

What's happening locally?

grep -r "magic_quotes" *
drupal/.htaccess:   php_value magic_quotes_gpc        0
drupal/.htaccess:   php_value magic_quotes_runtime    0
drupal/.htaccess:   php_value magic_quotes_sybase     0
drupal/index.php:check_php_setting("magic_quotes_gpc", 0);
drupal/INSTALL:  magic_quotes_gpc         0
drupal-4.3.0/.htaccess:   php_value magic_quotes_gpc        0
drupal-4.3.0/.htaccess:   php_value magic_quotes_runtime    0
drupal-4.3.0/.htaccess:   php_value magic_quotes_sybase     0
drupal-4.3.0/includes/common.inc:  if (ini_get("magic_quotes_gpc") == 0) return;
drupal-4.3.0/INSTALL:  magic_quotes_gpc         0
drupal-4.3.1/.htaccess:   php_value magic_quotes_gpc        0
drupal-4.3.1/.htaccess:   php_value magic_quotes_runtime    0
drupal-4.3.1/.htaccess:   php_value magic_quotes_sybase     0
drupal-4.3.1/index.php:check_php_setting("magic_quotes_gpc", 0);
drupal-4.3.1/INSTALL:  magic_quotes_gpc         0

hmmm, includes/common.inc has changed. Wonder what that means? ;-)
Everything says magic_quotes_gpc = 0.

Except 

 phpinfo();

- it says magic_quote_gpc = "ON"

Now what?

/etc/init.d/httpd restart

try again - Fixed!

So my question (finally) What was that all about? Did I break the installation? Did I override magic_quotes_gpc accidentally? Or does a new directory demand an apache restart?

Thanks,
Richard

Comments

hystrix’s picture

hystrix commented

There are optional overrides for magic_quotes_gpc in the included .htaccess file in the base drupal directory as your grep revealed:

grep -r "magic_quotes" *
drupal/.htaccess: php_value magic_quotes_gpc 0

However, if you look at the .htaccess file its a conditional override:

# Overload PHP variables:
<IfModule mod_php4.c>
   php_value magic_quotes_gpc        0
</IfModule>

It wasn't finding my mod_php4, so I ended up commenting the <IfModule> lines so that the php overrides would be sure to be set.

markb-1’s picture

markb-1 commented

If you are using apache 2, in the .htaccess file change

IfModule mod_php4.c
to
IfModule sapi_apache2.c

This is due to the removal of the AddModule directive in Apach2.

prometheus0815’s picture

prometheus0815 commented

I had the same problem, but I solved it differently. When I realized the conditional override in .htaccess didn't work, I modified includes/conf.php by inserting a line after the (commented) setting of the PEAR path in the "PHP settings" section:

// ini_set("include_path", ".:/path/to/pear");
ini_set("magic_quotes_gpc", "0");

And that was it ... problem solved. ;-)

Good luck everyone!

yasha’s picture

yasha commented

tried that. didnt work.

yasha’s picture

yasha commented

which lines did you comment specifically?

danigiri’s picture

danigiri commented

Ummm :? same problem here. Did the minor point upgrade, no errors before, errors now. I kept the .htaccess file and the conf file from the previous version. Restarting the apache daemon produced no results. I think that I will grab the .htaccess from CVS to see if there are any differences.

OTOH, putting quotes on the fields worked ok in the previous version, now (as message tells) it is broken and \' shows up.

Best,
Dani++

kip@tigersfortomorrow.org’s picture

kip@tigersfortomorrow.org commented

I fixed my Drupal site using the sapi_apache2.c option but I found that some of my other PHP sites quit working afterwards due to invalid session variables.

What I finally ended up doing was to allow overrides for the ailing PHP sites and add a new .htaccess for each with specific session variables set for that virtual host. Primarily, the session.save_path was set to sessions (in the home dir of each PHP webapp that required session.save_handler=files ) and session.save_handler was reset to files.

Woops - This really belongs under "Don't use IfModule mod_php4.c when using Apache 2" by markb. Moderator - please forgive my brain fart.

sandman’s picture

sandman commented

I have the same problem, but i can't set the magic_quotes_gpc value for security reason. It is a mode to reduce the risk of "sql injection".

I can disable the error message on top (I deleted the command "check_php_setting("magic_quotes_gpc", 0);" in /index.php), but there is a \ before the quotes.

My site is hosted in a public free server and I can't modify the settings of mysql.

Is it possible to find another solution?

yasha’s picture

yasha commented

im using:
Apache 1.3.29
PHP 4.3.3
Drupal 4.3.2

magic quotes = 0 in index, hta, conf, and the north pole.

the only way ive been able to get rid of the magic quotes was for my host to temporarily change the server settings (which have now been changed back) or for me to comment out magic quotes (which leaves that / problem with any quote usage).

can someone give some clear step by step directions as to how to get rid of this problem?

yasha’s picture

yasha commented

anyone have a suggestion?