2

magic_quotes_gpc当设置为时,Magento 正在转义撇号off。当我设置magic_quotes_gpc为 时on,Magento 停止插入斜杠。这完全是倒退。

我不能让 Magento 转义我的撇号,但我也不想magic_quotes_gpc设置为,on因为我担心它可能对我网站的其他部分(vBulletin 论坛、Wordpress 博客等)产生影响。

请注意 - Magento 并不总是这样,它只是从今天开始的。

编辑:将以下代码添加到我的 CMS 页面之一的布局更新 XML 后,该行为开始:

<!--<reference name="content">
<block type="catalog/product_new" name="home.catalog.product.new" alias="product_new" template="catalog/product/new.phtml" after="cms_page"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
<block type="reports/product_viewed" name="home.reports.product.viewed" alias="product_viewed" template="reports/home_product_viewed.phtml" after="product_new"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
<block type="reports/product_compared" name="home.reports.product.compared" template="reports/home_product_compared.phtml" after="product_viewed"><action method="addPriceBlockType"><type>bundle</type><block>bundle/catalog_product_price</block><template>bundle/catalog/product/price.phtml</template></action></block>
</reference>
<reference name="right">
<action method="unsetChild"><alias>right.reports.product.viewed</alias></action>
<action method="unsetChild"><alias>right.reports.product.compared</alias></action>
</reference>-->

在奇怪的行为开始后,我删除了该代码,但它并没有解决问题。

4

2 回答 2

4

编辑:我发现了问题。事实证明,Wordpress 有自己的添加斜杠的功能。从 Wordpress 版本 3.2.1 开始,您可以wp_magic_quotes()在 /wp-includes/load.php 的第 530 行附近找到函数

为了解决这个问题,我注释掉了函数中的所有内容(不是函数本身,以防止调用未定义的函数)。它消除了转义引号的问题。我没有进行广泛的测试,但据我了解,这可能会破坏旧的 Wordpress 插件,所以要小心。

它将从这里开始:

function wp_magic_quotes() {
    // If already slashed, strip.
    if ( get_magic_quotes_gpc() ) {
        $_GET    = stripslashes_deep( $_GET    );
        $_POST   = stripslashes_deep( $_POST   );
        $_COOKIE = stripslashes_deep( $_COOKIE );
    }

    // Escape with wpdb.
    $_GET    = add_magic_quotes( $_GET    );
    $_POST   = add_magic_quotes( $_POST   );
    $_COOKIE = add_magic_quotes( $_COOKIE );
    $_SERVER = add_magic_quotes( $_SERVER );

    // Force REQUEST to be GET + POST.
    $_REQUEST = array_merge( $_GET, $_POST );
}

对此:

function wp_magic_quotes() {
    // If already slashed, strip.
    /*if ( get_magic_quotes_gpc() ) {
        $_GET    = stripslashes_deep( $_GET    );
        $_POST   = stripslashes_deep( $_POST   );
        $_COOKIE = stripslashes_deep( $_COOKIE );
    }

    // Escape with wpdb.
    $_GET    = add_magic_quotes( $_GET    );
    $_POST   = add_magic_quotes( $_POST   );
    $_COOKIE = add_magic_quotes( $_COOKIE );
    $_SERVER = add_magic_quotes( $_SERVER );

    // Force REQUEST to be GET + POST.
    $_REQUEST = array_merge( $_GET, $_POST );*/
}
于 2011-08-10T04:31:04.443 回答
0

app/code/core/Mage/Core/functions.php的顶部有这个:

if (get_magic_quotes_gpc()) {
    function mageUndoMagicQuotes($array, $topLevel=true) {
        $newArray = array();
        foreach($array as $key => $value) {
            if (!$topLevel) {
                $newKey = stripslashes($key);
                if ($newKey!==$key) {
                    unset($array[$key]);
                }
                $key = $newKey;
            }
            $newArray[$key] = is_array($value) ? mageUndoMagicQuotes($value, false) : stripslashes($value);
        }
        return $newArray;
    }
    $_GET = mageUndoMagicQuotes($_GET);
    $_POST = mageUndoMagicQuotes($_POST);
    $_COOKIE = mageUndoMagicQuotes($_COOKIE);
    $_REQUEST = mageUndoMagicQuotes($_REQUEST);
}

只需将此文件复制到本地(app/code/local/Mage/Core/functions.php)并注释掉 if 语句,以便它始终运行。

// if (get_magic_quotes_gpc()) {
    function mageUndoMagicQuotes($array, $topLevel=true) {
        $newArray = array();
        foreach($array as $key => $value) {
            if (!$topLevel) {
                $newKey = stripslashes($key);
                if ($newKey!==$key) {
                    unset($array[$key]);
                }
                $key = $newKey;
            }
            $newArray[$key] = is_array($value) ? mageUndoMagicQuotes($value, false) : stripslashes($value);
        }
        return $newArray;
    }
    $_GET = mageUndoMagicQuotes($_GET);
    $_POST = mageUndoMagicQuotes($_POST);
    $_COOKIE = mageUndoMagicQuotes($_COOKIE);
    $_REQUEST = mageUndoMagicQuotes($_REQUEST);
// }

This is required because WordPress checks if magic quotes is disabled, and if it is it runs magic quotes anyway. There are lengthy discussions on whether or not this should happen but the consensus is removing that functionality could open security holes in older plugins or themes that do not work around it, so don't expect WordPress to remove that functionality any time soon.

于 2014-11-28T21:07:28.523 回答