The issue: incorrect escaping in data storage and output.
- Decreases the performance of your whole application (every request pays for escaping that most values never need)
- For proper escaping you need stripslashes() and the storage-specific escaping function; a value escaped twice is stored corrupted, and a value escaped for the wrong context is not protected at all.
The solution: turn off magic_quotes in the production environment and escape each value properly for the context it is used in (query, HTML, shell, ...).
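The "escape properly" half of that advice, as an added example that is not from the original page: magic_quotes_gpc is disabled in php.ini (or, where that is not possible, with php_flag in .htaccess), the script refuses to run if it is still on so nothing gets escaped twice, and each value is escaped exactly once for its own context, with a prepared statement for storage and htmlspecialchars() for HTML output. The SQLite in-memory DSN, the table and column names, and the sample comment are assumptions made for illustration.

```php
<?php
// Added example, not the original page's code.
// php.ini:        magic_quotes_gpc = Off
// .htaccess:      php_flag magic_quotes_gpc Off     (mod_php, PHP < 5.4 only)
// With magic quotes off, every value arrives raw and is escaped once, here.

// 1. Refuse to run if magic quotes is still on, so values are never escaped twice.
//    (function_exists() guard: the function was removed in PHP 8.0.)
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    die('Turn off magic_quotes_gpc; this script escapes its own data.');
}

// Assumption: any PDO driver behaves the same; SQLite in memory keeps the example self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// 2. Storage context: bound parameters instead of quoting by hand.
//    The raw value, apostrophe and all, is stored unmodified.
function store_comment(PDO $pdo, $author, $body) {
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute(array(':author' => $author, ':body' => $body));
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, $id) {
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// 3. Output context: HTML-escape at the point of output, never on the way in,
//    so the same stored value can also go to JSON, mail or a log unchanged.
function render_comment(array $row) {
    $author = htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8');
    $body   = htmlspecialchars($row['body'],   ENT_QUOTES, 'UTF-8');
    return "<p><b>$author</b>: $body</p>";
}

// Constructed input standing in for $_POST['author'] and $_POST['body'].
$id  = store_comment($pdo, "O'Brien", '<script>alert("xss")</script>');
$row = load_comment($pdo, $id);
echo render_comment($row), "\n";
?>
```

With magic quotes on, the same code would store `O\'Brien` (the prepared statement keeps the backslash magic quotes added) and then display it with the backslash too; that doubled escaping is the bug the section opens with, and it is why the script refuses to run rather than trying to guess whether a backslash is data or artifact.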
Undo magic_quotes.
<?php
// Recursive variant: walks every GPC array and strips the backslashes that
// magic_quotes_gpc added, so the script sees raw values and escapes them itself.
// (Only meaningful on PHP < 5.4; get_magic_quotes_gpc() always returns false
// from 5.4 on and was removed in PHP 8.0.)
if (get_magic_quotes_gpc()) {
    function strip_quotes(&$var) {
        if (is_array($var)) {
            // One level of recursion per level of nesting in the request
            array_walk($var, 'strip_quotes');
        } else {
            $var = stripslashes($var);
        }
    }
    // Handle GPC: $_GET, $_POST and $_COOKIE, addressed as variable variables
    foreach (array('GET', 'POST', 'COOKIE') as $v) {
        if (!empty(${"_" . $v})) {
            array_walk(${"_" . $v}, 'strip_quotes');
        }
    }
}
?>
Such a recursive function is easy to attack: a request with a deeply nested parameter makes it recurse once per nesting level, which exhausts the server's memory (or the stack) and crashes the script. PHP 5.2.3 and later cap the nesting depth of input arrays with max_input_nesting_level (default 64), which blunts this particular request, but the function still recurses as deep as the limit allows on every request.
<?php
// Builds a query string of the form a[][][]...=1 with 1024 levels of nesting;
// PHP turns it into an array nested 1024 deep, and strip_quotes() above
// recurses 1024 times before it reaches the single value.
$qry = str_repeat('[]', 1024);
file_get_contents('http://example.com/site.php?a' . $qry . '=1');
?>
Use the following iterative version instead; it is faster and does not recurse, so nesting depth only costs one queued reference per level.
<?php
// Iterative variant: works through a queue of array references instead of
// recursing. Nested arrays are appended to the queue and flattened on a later
// pass, so the call depth is constant whatever the input looks like.
// (As above, only meaningful on PHP < 5.4.)
if (get_magic_quotes_gpc()) {
    $in = array(&$_GET, &$_POST, &$_COOKIE);
    // count() is re-evaluated on every pass, so arrays queued below are visited too.
    // (The original looped with each(), which was deprecated in PHP 7.2 and removed in 8.0.)
    for ($k = 0; $k < count($in); $k++) {
        $v = $in[$k];   // iterate over a copy; writes go through the reference in $in[$k]
        foreach ($v as $key => $val) {
            if (!is_array($val)) {
                $in[$k][$key] = stripslashes($val);
                continue;
            }
            // Queue the nested array by reference for a later pass
            $in[] =& $in[$k][$key];
        }
    }
    unset($in);
}
?>