ghettobsd (@ghettobsd)

Forum Replies Created

Viewing 12 replies - 1 through 12 (of 12 total)
  • Ok, I looked into it some more and it turns out that the reason magic_quotes_gpc is “evil” could be because it makes your server vulnerable to sql injections with malformed requests.

    So, that’s enough to not use that.

    Thanks again Chrishajer.

    You’re always welcome at my place!

    This is what i found:

    From: https://bbpress.org/forums/topic/slashes-being-added-in-front-of-apostrophes

    User: baptiste

    Post: Easy fix (hack) in bb-includes/template-functions.php, update this function to look like this:

    function get_post_text() {

    global $bb_post;

    return stripslashes($bb_post->post_text);

    }

    May be an artifact of the wordpress integration – not sure.

    The above did indeed work. But I still looked at the other posts and problems others had.

    https://bbpress.org/forums/topic/apostrophe-and-or-quotation-marks-cause-backslash-to-appear

    user: arpowers

    ok, found the answer wooooooo!

    The ‘real’ reason this wasn’t working was….

    ‘magic_quotes_gpc’ is set to ‘off’ on my server (in php.ini)

    All these other solutions are band-aids, my hunch is that making sure magic quotes is ‘on’ is the solution.

    user: jackey

    Putting “php_value magic_quotes_gpc 1” in my .htaccess file worked for me… for now.

    The above also worked. So instead of editing the bbpress code, i just modified the .htaccess file (added to it), that 1 line fixed it. So I will go with it untill I see a problem.

    Worth noting, someone said that by changing the code as per baptiste’s method could corrupt backups you make of sql. So, that was the reason I went with the .htaccess fix.

    Thank you!

    chrishajer: you are GhettoBSD Approved!

    Thanks to zaerl this is what i did to code:

    http://pastebin.com/SAx377E4

    So yeah that’s not what is affecting this problem. I will look into the links you pasted.

    Thank you very much!

    yeah, separately it works.

    It’s not until integration.

    But it’s just so weird, why would a / be added in? Even with no modification to anything? I will try with separate auth keys and go from there.

    Please see above! :P

    I used a NEW (not related) db, i used both clean installs.

    So basically, the problem is reproduced on the stock installs of wp,bb with integration on mysql. So nothing, not even the themes from before were used.

    At first I thought it was because I changed the type of links (permlinks) and then did a stock install with no changes, but integration and it happened again.

    I basically did many installs under different configurations/databases. And everything ended up the same every time.

    I ruled out:

    – The theme being the problem.

    – The hacks …

    – Perm link options …

    – .htaccess …

    – The database…

    Maybe it has to do with the auth key info? That’s the only obvious thing.

    I do have wp and bb installed else where and integrated without the same problem.

    I used a generator that also generated the salt, could that be it?

    that file helped me work out some issues!

    thank you!

    thank you very much!

    That’s actually why I needed to remove the backtick, because I wouldn’t be able to post code without it looking like barf.

    Thanks for your help again guys, great work!

    OK so I found out that in the style.css you can change it but, that changes both the post and edit box at the same time. Would I have to just edit them separately in their page.php?

    hahaha I’ve been working on that section for a while!

    Thank you very much.

    You are now GhettoBSD Approved!

    {:{D}

    You’re welcome on my site anytime! (ghettobsd.org)

    Thank you very much zaerl!*#!@&*(#!@!

    I also found in: bb-includes/functions.bb-formatting.php the following

    function bb_encodeit( $matches ) {

    $text = trim($matches[2]);

    $text = htmlspecialchars($text, ENT_QUOTES);

    $text = str_replace(array(“rn”, “r”), “n”, $text);

    $text = preg_replace(“|nnn+|”, “nn”, $text);

    $text = str_replace(‘&’, ‘&’, $text);

    $text = str_replace(‘<’, ‘<’, $text);

    $text = str_replace(‘>’, ‘>’, $text);

    $text = “$text“;

    if ( “`” != $matches[1] )

    $text = “

     $text 

    “;

    return $text;

    }

    Could I change the last 3 lines starting from if?

    I was looking for where I could do this. Would it possibly be in :

    bbpress/bb-includes/backpress/functions.formatting.php ?

    Or would it be in one of the posting php files?

    Any more tips you can offer I’d appreciate!

    I had seen in another post someone refer to the following:

    $str = preg_replace( ‘/`&[^;s]{0,6}$/’, ”, $str );

    could that be modified to do what you said? Taken from functions.formatting.php

    Thank you

Viewing 12 replies - 1 through 12 (of 12 total)