Last modified: 2011-08-31 23:17:08 UTC
We all know that magic_quotes_gpc is quite evil, but most of us have made some
gpc cleaners and hope for the best. MediaWiki's GPC cleaner does not clean array
values correctly: it mishandles url arrays. For instance: submitting
value[key's] will be returned as value[key\'s].
This behavior is extensively documented at the PHP manual here:
I understand magic_quotes compatibility is not of utmost concern because
MediaWiki is primarily an in-house application, and magic_quotes is probably
disabled on all your servers. Furthermore, MediaWiki rarely uses arrays in
posts, mitigating the problem further. However, for extension authors, this can
cause some hard to diagnose problems.
I'll be understanding if this is marked WONTFIX, and I'm working on a patch. Thanks.
Created attachment 1233 [details]
Patch that fixes bug, based on comment in PHP manual
This patch, upon casual testing, fixes the bug. It was based on php at
kaiundina dot de's comment on the PHP manual at
(In reply to comment #1)
> Created an attachment (id=1233) 
> Patch that fixes bug, based on comment in PHP manual
1. Use version_compare() to compare php versions, it's much more reliable
2. Use tabs not spaces for indenting
3. Did you concact the author for permission to use the code? Just because
something is in a php manual comment doesn't mean we have permission to publish
it under the GPL
(In reply to comment #2)
> 1. Use version_compare() to compare php versions, it's much more reliable
> 2. Use tabs not spaces for indenting
I'll fix that in the patch.
> 3. Did you concact the author for permission to use the code? Just because
> something is in a php manual comment doesn't mean we have permission to publish
> it under the GPL
According to the comment posting guidelines:
> This means that any note submitted here becomes the property of the PHP
I believe this means they are covered under the copyright license here:
http://us3.php.net/manual/en/copyright.php which states the manual is under the
Open Publication License. This license is largely compatible with GNU GPL (see
http://www.gnu.org/licenses/license-list.html ) as long as Section VI is not
invoked. However, according to their copyright page, these sections are being
invoked, and so I'm not really sure what is going on.
I'm not even sure if it would be possible to rewrite the functions: they're
pretty compact and if you use the information kaiundina offered, you're bound to
get the same implementation.
I'll handle the other two issues and submit another revision of the patch.
Created attachment 1252 [details]
Patch fixes bug, handles issues 1 and 2 completely
New patch, handles issues one and two, and sort of handles three, if variable
renaming can be considered not using the code.
Okay. I have come to the conclusion that, essentially, the two clauses that make
the Open Publication License incompatible with GFDL apply *only* to the
documents not code, and therefore, can be ignored when dealing with code
snippets, making the license COMPATIBLE with the GFDL. However, the nebulousness
of the Open Document to Open Code bridge makes things, to say the least,
I sent an email to the webmaster of the PHP website and the creator of the code
snippet. Here are the relevant snippets of their emails:
Gabor Hojtsy wrote:
> As our note submission page states, the notes are considered property of
> the documentation group (this only means that we are not crediting
> submitters whose notes are integrated into the manual). All submitted
> notes are under the same license as the manual for the very same reason.
> Whether our license is GPL compatible is a good question. You can look
> for some analysis on the net. Since the documentation is licensed as
> content, not as source code, it is not really straigforward to compare
> the documentation license with the GPL.
Kai Giebeler wrote:
> Feel free to use the code in your project wherever you like.
This is a bit too mind boggling. Do you suppose there is any possible way to
rewrite the entire thing so we can bypass this copyright catastrophe? Also, is
this code snippet copyrightable? This sort of code is given in the context that
you take it and build upon it without regard to source (like Public Domain).
And, of course, Does anyone really care?
Which is why I'm willing to rewrite the whole thing in order to dodge these
thorny licensing issues. If only I knew *how*.
Patch is outdated. Does the current version of MediaWiki have any problems with unescaping?
It probably still does, but at this point, I don't care about the patch anymore, and would be happy to see this as a WONTFIX.
*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*
Fixed in r95921