From 0098ebccbf3fa2c1bb289e2e52fa263537f33517 Mon Sep 17 00:00:00 2001 From: "Eloy Lafuente (stronk7)" Date: Wed, 5 Jan 2022 13:28:45 +0100 Subject: [PATCH] MDL-73502 libraries: Avoid uses of get_magic_quotes_xxx() functions They were deprecated in PHP 7.4 (warning) and have been removed in PHP 8.0 (error). Plus they were returning false since ages ago (PHP 5.x). Hence, adding conditional check to see if they are available (h5p editor) or removing the unreachable code-block when they evaluated to true. Also, modified the corresponding moodle_readme files to document the change. --- enrol/lti/ims-blti/OAuth.php | 9 --------- enrol/lti/ims-blti/moodle_readme.txt | 2 ++ .../editor/ckeditor/samples/old/assets/posteddata.php | 2 +- h5p/h5plib/v124/joubel/editor/readme_moodle.txt | 1 + 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/enrol/lti/ims-blti/OAuth.php b/enrol/lti/ims-blti/OAuth.php index 3077787a417..afd0f74510d 100644 --- a/enrol/lti/ims-blti/OAuth.php +++ b/enrol/lti/ims-blti/OAuth.php @@ -222,15 +222,6 @@ class OAuthRequest { $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']); $ourpost = $_POST; - // Deal with magic_quotes - // http://www.php.net/manual/en/security.magicquotes.disabling.php - if ( get_magic_quotes_gpc() ) { - $outpost = array(); - foreach ($_POST as $k => $v) { - $v = stripslashes($v); - $ourpost[$k] = $v; - } - } // Add POST Parameters if they exist $parameters = array_merge($parameters, $ourpost); diff --git a/enrol/lti/ims-blti/moodle_readme.txt b/enrol/lti/ims-blti/moodle_readme.txt index eb7c4f28330..1b8890cd0c7 100644 --- a/enrol/lti/ims-blti/moodle_readme.txt +++ b/enrol/lti/ims-blti/moodle_readme.txt @@ -2,3 +2,5 @@ This library was originally published by the IMS at https://code.google.com/p/im current code was taken from https://github.com/jfederico/ims-dev/tree/master/basiclti/php-simple/ims-blti - with several changes to the code (including bug fixes). As the library is no longer supported upgrades are not possible. In future releases we should look into using a supported library. + +2021-01-05 - Removed get_magic_quotes_gpc() use, was returning false since ages ago. diff --git a/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php b/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php index ee256d6f66e..83d3cedeb91 100644 --- a/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php +++ b/h5p/h5plib/v124/joubel/editor/ckeditor/samples/old/assets/posteddata.php @@ -32,7 +32,7 @@ if (!empty($_POST)) if ( ( !is_string($value) && !is_numeric($value) ) || !is_string($key) ) continue; - if ( get_magic_quotes_gpc() ) + if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $value = htmlspecialchars( stripslashes((string)$value) ); else $value = htmlspecialchars( (string)$value ); diff --git a/h5p/h5plib/v124/joubel/editor/readme_moodle.txt b/h5p/h5plib/v124/joubel/editor/readme_moodle.txt index 0ae73b67ea5..c1c0c37f87b 100644 --- a/h5p/h5plib/v124/joubel/editor/readme_moodle.txt +++ b/h5p/h5plib/v124/joubel/editor/readme_moodle.txt @@ -32,5 +32,6 @@ Added: Changed: * Updated H5peditor::getLibraryData parameters to fix PHP8.0 warnings. See MDL-70903 for details. + * Make get_magic_quotes_gpc() use conditional, it has been removed in php80. See MDL-73502 for details. Downloaded version: moodle-1.20.2 release