Well, I found the files and every instance of addslashes and stripslashes, and um, damn! Yup, I don't know a bit of php.
I've hacked a little php here and there, but I'm not even sure where to begin with this.
The basic gist of the article is to use a function that detects whether magic_quotes_gpc is off or on. This is the example they provided:
highlight_string ( "
function myAddSlashes( $string ) {
    if (get_magic_quotes_gpc()==1) {
        return ( $string );
    } else {
        return ( addslashes ( $string ) );
    }
}
?>" );
?>
In AMS/class/class.newstory.php, for example, there are several different places where addslashes is used. Here are a couple of examples:
$sql = sprintf("UPDATE %s SET title = '%s', published = 0, expired = %u, nohtml = %u, nosmiley = %u, topicid = %u, ihome = %u, topicdisplay = %u, topicalign = '%s', comments = %u, banner= '%s' WHERE storyid = %u", $this->table, $title, $expired, $this->nohtml, $this->nosmiley, $this->topicid, $this->ihome, $this->topicdisplay, $this->topicalign, $this->comments, $myts->addSlashes($this->banner), $this->storyid);
$hometext = $myts->addSlashes($hometext);
Ok, I can put 1+1 together and get 2, and I can code HTML and CSS until the cows come home, but I haven't got a clue how to integrate the function they are describing into the current code. Would it be inline? Would I have to define a global variable?
Also, there are a lot of instances of stripslashes as well. How would I need to modify those instances to prevent errors?
For example, in AMS/submit.php:
$fldname = (get_magic_quotes_gpc()) ? stripslashes($fldname['name']) : $fldname['name'];
To a php coder, I'm sure my questions are really stupid. Sorry if they are. If I had time to learn php on my own, I wouldn't bother asking, but I'm in a situation where time is a luxury I don't have a lot of.
Any help in getting this complete php n00b started would be GREATLY appreciated!
Thank you,
James
Insanity can be defined as "doing the same thing over and over and expecting different results."
Stupidity is not a crime. Therefore, you are free to go.
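
Added example (not from the original post, the article, or the AMS code base): one way to keep the article's check in a single shared include and call it wherever a raw addslashes or stripslashes call appears. The names magicQuotesActive and myStripSlashes, the optional $magicQuotes parameter, and the sample strings are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for a common include file; not AMS's or the article's own code.

// True only when the runtime still applies magic_quotes_gpc to request data.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists() guard.
function magicQuotesActive()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Escape a request value exactly once: skip addslashes() when PHP already did it.
// $magicQuotes is an assumed override so both paths can be exercised on any setup.
function myAddSlashes($string, $magicQuotes = null)
{
    if ($magicQuotes === null) {
        $magicQuotes = magicQuotesActive();
    }
    return $magicQuotes ? $string : addslashes($string);
}

// Counterpart for display: remove slashes only when PHP was the one that added them.
function myStripSlashes($string, $magicQuotes = null)
{
    if ($magicQuotes === null) {
        $magicQuotes = magicQuotesActive();
    }
    return $magicQuotes ? stripslashes($string) : $string;
}

// Constructed sample input: the same form value as seen with the setting off and on.
$raw           = "O'Reilly";
$alreadyQuoted = "O\\'Reilly";

$checks = array(
    'off: escaped once'       => myAddSlashes($raw, false) === "O\\'Reilly",
    'on: left alone'          => myAddSlashes($alreadyQuoted, true) === "O\\'Reilly",
    'on: plain call doubles'  => addslashes($alreadyQuoted) !== "O\\'Reilly",
    'on: stripped for output' => myStripSlashes($alreadyQuoted, true) === "O'Reilly",
    'off: output untouched'   => myStripSlashes($raw, false) === "O'Reilly",
);
foreach ($checks as $label => $ok) {
    echo str_pad($label, 26), $ok ? "ok" : "FAILED", "\n";
}

// At a call site the change is inline, no global variable needed, e.g.:
//   $hometext = myAddSlashes($hometext);
```

The helpers only prevent double escaping of request data; addslashes is not a charset-aware SQL escaper, so values that reach a query are better protected by the database driver's own escaping or by parameterized queries.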