scchu

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)

  • Actually what I posted is not idea either.

    It turns out this is an issue with WordPress’ internal wp_magic_quotes() function screwing with facebook php-sdk.

    So what I did instead was to turn force turn on magic_quotes_gpc for wordpress only.

    To do that, at the root of WordPress director, create a .htaccess file (if there isn’t already one). And paste the follow code to force it on.

    php_flag magic_quotes_gpc on

    Cheers…

    Hi tWH,

    Thank you for the finding. That solved my two days of agony.

    On my PHP install, “magic_quotes_gpc” is off by default. And it seems like it will be deprecated in future versions of PHP.

    I implemented a similar solution except that I check for it:

    parse_str(trim(
    function_exists( "get_magic_quotes_gpc" )
      ? stripslashes($_COOKIE[$cookieName])
      : $_COOKIE[$cookieName],
    '"'
  ), $session);

    That way the code is more portable for different environments where we simply can’t know the status of “get_magic_quotes_gpc”.

    Thanks again!

    Yup. The same thing happened to me. Running 2.3. I thought it must’ve been exploit for 2.3. But it turns out 2.3.1 is also vulnerable. I am not feeling too comfortable with this actually. And I just noticed it in a post I did 2 days ago!! Now I gotta go back and dig them out… Argh…

Viewing 3 replies - 1 through 3 (of 3 total)