MDL-73502 libraries: Avoid uses of get_magic_quotes_xxx() functions

They were deprecated in PHP 7.4 (warning) and have been removed in PHP 8.0 (error). Plus they were returning false since ages ago (PHP 5.x). Hence, adding conditional check to see if they are available (h5p editor) or removing the unreachable code-block when they evaluated to true. Also, modified the corresponding moodle_readme files to document the change.
2025-04-13 12:32:08 +02:00 · 2022-01-05 13:28:45 +01:00 · 2022-01-05 13:28:45 +01:00 · 0098ebccbf
commit 0098ebccbf
parent 0c63990e4f
4 changed files with 4 additions and 10 deletions
--- a/enrol/lti/ims-blti/OAuth.php
+++ b/enrol/lti/ims-blti/OAuth.php
@ -222,15 +222,6 @@ class OAuthRequest {
      $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);

      $ourpost = $_POST;
-      // Deal with magic_quotes
-      // http://www.php.net/manual/en/security.magicquotes.disabling.php
-      if ( get_magic_quotes_gpc() ) {
-         $outpost = array();
-         foreach ($_POST as $k => $v) {
-            $v = stripslashes($v);
-            $ourpost[$k] = $v;
-         }
-      }
     // Add POST Parameters if they exist
      $parameters = array_merge($parameters, $ourpost);

--- a/enrol/lti/ims-blti/moodle_readme.txt
+++ b/enrol/lti/ims-blti/moodle_readme.txt
@ -2,3 +2,5 @@ This library was originally published by the IMS at https://code.google.com/p/im
 current code was taken from https://github.com/jfederico/ims-dev/tree/master/basiclti/php-simple/ims-blti - with
 several changes to the code (including bug fixes). As the library is no longer supported upgrades are not possible.
 In future releases we should look into using a supported library.
+
+2021-01-05 - Removed get_magic_quotes_gpc() use, was returning false since ages ago.
--- a/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php
+++ b/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php
@ -32,7 +32,7 @@ if (!empty($_POST))
 		if ( ( !is_string($value) && !is_numeric($value) ) || !is_string($key) )
 			continue;

-		if ( get_magic_quotes_gpc() )
+		if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
 			$value = htmlspecialchars( stripslashes((string)$value) );
 		else
 			$value = htmlspecialchars( (string)$value );
--- a/h5p/h5plib/v124/joubel/editor/readme_moodle.txt
+++ b/h5p/h5plib/v124/joubel/editor/readme_moodle.txt
@ -32,5 +32,6 @@ Added:

 Changed:
 * Updated H5peditor::getLibraryData parameters to fix PHP8.0 warnings. See MDL-70903 for details.
+ * Make get_magic_quotes_gpc() use conditional, it has been removed in php80. See MDL-73502 for details.

 Downloaded version: moodle-1.20.2 release