9 replies to this topic

[Rsteve]

Hi:

We just updated ServerBuddy and ran it and found that we got a warning for PHP Magic Quotes GPC. Is that a setting your recommend adjusting through php.ini, and if so, what setting do you suggest to remove the warning?

Thanks!

[Jeremy Trask]

Hi Steve

It generally accepted as being preferable to not utilize this capability these days - please see the PHP documentation at: http://php.net/manual/en/security.magicquotes.php

Hosts still seem to have this set on (enabled) by default as there are apparently still some (older) applications that still rely on this and they obviously don't know what you will be loading on. If you _do_ have anything that needs it (and if you have a moderately up to date system you most likely don't) then in any case the recommendation is to update whatever bit of software you have that needs this to be on (enabled).

You can turn this off with

magic_quotes_gpc = off

in your php.ini or the equivalent in your .htaccess, whichever is the method you are using for php config settings (I think in your case it would be php.ini).

Regards...jeremy

[Tom Watson]

I had the same warning. I changed it in php.ini, but it does not register as changed in Server Buddy - I still get the warning. I did a hard refresh with no change. BTW, the line does not exist in my htaccess file. Suggestions?

[Josh]

Hi Tom,

It might be that your server does not allow this setting to be changed through the <span><span>php</span></span>.<span><span>ini</span></span>. Although it is not crucial that you have this setting off. Do you know of anything issues that are <span>occurring</span><span> with this setting turned on? These are just recommendations. You can try changing it through your .htaccess. Just add the line in file. </span>

php_flag magic_quotes_gpc Off

<span>Please let us know if you have further questions </span>

<span>Regards</span>

<span>Josh
</span>

[sweetmelody]

@Jeremy How can I actually turn off the magic_quotes_gpc in php.ini?

Quote

You can turn this off with
magic_quotes_gpc = off

In the php.ini file:

Quote

Line 95:  ; - magic_quotes_gpc = Off         [Performance]


Line 474: ; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

Do I just have to change the 'On' of magic_quotes_gpc = On on Line 474 to 'Off'?

Thanks!

[Jeremy Trask]

Yup

From the PHP Documentation: http://www.php.net/manual/en/security.magicquotes.disabling.php

Regards...jeremy

[sweetmelody]

I saw the php.ini under /public_html and edited the 'On's to 'Off's in the file but the PHP Magic Quotes GPC in BackupBuddy - Server Info is still showing 'Enabled' and 'Warning'.

Further explanation and examples:

• The /public_html is for ABCD.com, while /public_html/1234 is for 1234.com.
  
• BackupBuddy is installed in 1234.com but php.ini is only available under /public_html.
  
• Edited the php.ini under /public_html but doesn't solve the warning sign.

Thus, can it be solve by copying the php.ini to /public_html/1234 and edit the 'On's? Is this a right solution?

I'm trying not to use the htaccess method.

[Jeremy Trask]

Depends on how your server is configured as to how it reads ini files and where it reads them from. I would suggest that you ask your host support as this is a server specific issue.

The .htaccess method applies to particular types of server configuration that don't use php.ini type files and if you use that improperly it can cause a server error for your site.

You should have your host support advise you on what is the correct approach to use for how they have their servers configured, we can just point you in the right direction ;-)

Regards...jeremy

[sweetmelody]

I've placed the 'Off' to the root and subdirectory's php.ini but in BackupBuddy Server Info, the PHP Magic Quotes GPC remains 'enabled' and 'warning'. Is this a bug?

[Jeremy Trask]

Hi sweetmelody

If you are continuing to have a problem that relates to BackupBuddy as opposed to ServerBuddy then please post in the BackupBuddy forum where you can be assisted.

If you are using either ServerBuddy or BackupBuddy you can click the button that gives you the detailed phpinfo() sourced information and that will tell you where PHP is picking up any configuration file from (an entry somewhere near the top dependent on your PHP installation) and thus you can see whether your php.ini file is being used or not.

I suggest that you consult your host support for details of how you can change PHP configuration item because as I mentioned there are a variety of ways and on some servers you have to wait some period of time before any changes are reflected in the actual operational PHP configuration.

In answer to your question - no, there is no known bug in the representation of the information as provided by your PHP installation (and such an issue has never been reported before by anyone that I can recall having dealt with). Plugins (and themes) can sometimes change PHP configurable items for their own purposes and override whatever you might have set in any configuration file or statement.

Regards...jeremy