Last modified: 2011-08-31 23:17:08 UTC
We all know that magic_quotes_gpc is quite evil, but most of us have made some gpc cleaners and hope for the best. MediaWiki's GPC cleaner does not clean array values correctly: it mishandles url arrays. For instance: submitting value[key's] will be returned as value[key\'s]. This behavior is extensively documented at the PHP manual here: http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php I understand magic_quotes compatibility is not of utmost concern because MediaWiki is primarily an in-house application, and magic_quotes is probably disabled on all your servers. Furthermore, MediaWiki rarely uses arrays in posts, mitigating the problem further. However, for extension authors, this can cause some hard to diagnose problems. I'll be understanding if this is marked WONTFIX, and I'm working on a patch. Thanks.
Created attachment 1233 [details] Patch that fixes bug, based on comment in PHP manual This patch, upon casual testing, fixes the bug. It was based on php at kaiundina dot de's comment on the PHP manual at http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
(In reply to comment #1) > Created an attachment (id=1233) [edit] > Patch that fixes bug, based on comment in PHP manual 1. Use version_compare() to compare php versions, it's much more reliable 2. Use tabs not spaces for indenting 3. Did you concact the author for permission to use the code? Just because something is in a php manual comment doesn't mean we have permission to publish it under the GPL
(In reply to comment #2) > 1. Use version_compare() to compare php versions, it's much more reliable > 2. Use tabs not spaces for indenting I'll fix that in the patch. > 3. Did you concact the author for permission to use the code? Just because > something is in a php manual comment doesn't mean we have permission to publish > it under the GPL According to the comment posting guidelines: > This means that any note submitted here becomes the property of the PHP Documentation Group. I believe this means they are covered under the copyright license here: http://us3.php.net/manual/en/copyright.php which states the manual is under the Open Publication License. This license is largely compatible with GNU GPL (see http://www.gnu.org/licenses/license-list.html ) as long as Section VI is not invoked. However, according to their copyright page, these sections are being invoked, and so I'm not really sure what is going on. I'm not even sure if it would be possible to rewrite the functions: they're pretty compact and if you use the information kaiundina offered, you're bound to get the same implementation. I'll handle the other two issues and submit another revision of the patch.
Created attachment 1252 [details] Patch fixes bug, handles issues 1 and 2 completely New patch, handles issues one and two, and sort of handles three, if variable renaming can be considered not using the code.
Okay. I have come to the conclusion that, essentially, the two clauses that make the Open Publication License incompatible with GFDL apply *only* to the documents not code, and therefore, can be ignored when dealing with code snippets, making the license COMPATIBLE with the GFDL. However, the nebulousness of the Open Document to Open Code bridge makes things, to say the least, interesting. I sent an email to the webmaster of the PHP website and the creator of the code snippet. Here are the relevant snippets of their emails: Gabor Hojtsy wrote: > As our note submission page states, the notes are considered property of > the documentation group (this only means that we are not crediting > submitters whose notes are integrated into the manual). All submitted > notes are under the same license as the manual for the very same reason. > Whether our license is GPL compatible is a good question. You can look > for some analysis on the net. Since the documentation is licensed as > content, not as source code, it is not really straigforward to compare > the documentation license with the GPL. Kai Giebeler wrote: > Feel free to use the code in your project wherever you like. This is a bit too mind boggling. Do you suppose there is any possible way to rewrite the entire thing so we can bypass this copyright catastrophe? Also, is this code snippet copyrightable? This sort of code is given in the context that you take it and build upon it without regard to source (like Public Domain). And, of course, Does anyone really care? Which is why I'm willing to rewrite the whole thing in order to dodge these thorny licensing issues. If only I knew *how*.
Patch is outdated. Does the current version of MediaWiki have any problems with unescaping?
It probably still does, but at this point, I don't care about the patch anymore, and would be happy to see this as a WONTFIX.
*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*
Fixed in r95921