3

Newbie here. I'm upgrading from PHP 5.6 to 7.6

On my login page, unable to login, getting following error:

Deprecated: Function get_magic_quotes_gpc() is deprecated in /home/domain/library/config.php on line 49

Here's the code for the config.php file:

        <?php
ini_set('display_errors', 'On');
//ob_start("ob_gzhandler");
error_reporting(E_ALL);

// start the session
session_start();
$sid = session_id();

// database connection config
$servername = 'xxx';
$username = 'xxx';
$password = 'xxx';
$dbName = 'xxx';


require_once 'database.php';
require_once 'common.php';

// get the shop configuration ( name, addres, etc ), all page need it
$getSiteConfig = getSiteConfig();

// setting up the web root and server root for
// this shopping cart application
$thisFile = str_replace('\\', '/', __FILE__);
$docRoot = $_SERVER['DOCUMENT_ROOT'];

$webRoot  = str_replace(array($docRoot, 'library/config.php'), '', $thisFile);
$srvRoot  = str_replace('library/config.php', '', $thisFile);

define('WEB_ROOT', $webRoot);
define('SRV_ROOT', $srvRoot);


define ( "REDIRECT_AFTER_CONFIRMATION", TRUE );
define ( "ADMIN_EMAIL", $getSiteConfig['siteemail'] );  
define ( "DOMAIN_NAME", $getSiteConfig['sitename'] );   
define ( "USE_SMTP", FALSE );
define ( "SMTP_PORT", "" );     
define ( "SMTP_HOST", "" ); 
define ( "SMTP_USER", "" );
define ( "SMTP_PASS", "" ); 
define ( "MAIL_IS_HTML", TRUE );    
/**
 * website title.
 */


if (!get_magic_quotes_gpc()) {
    if (isset($_POST)) {
        foreach ($_POST as $key => $value) {
            $_POST[$key] =  trim(addslashes($value));
        }
    }

    if (isset($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = trim(addslashes($value));
        }
    }   
}

removeInactiveUsers();

?>

When I remove the deprecated get_magic_quotes_gpc(), and go to the login page, it's simply blank.

Dharman
  • 30,962
  • 25
  • 85
  • 135
reallyreally
  • 31
  • 1
  • 4
  • Welcome on StackOverflow! I guess there's an error in the title, PHP 7.6 doesn't exist. – Benoit Esnard Jan 18 '20 at 00:32
  • 1
    You should read the PHP 7.0 release notes to understand all the changes between PHP 5 and PHP 7. There are a number of incompatible changes. – Barmar Jan 18 '20 at 00:32

1 Answers1

5

Magic quotes were considered a security problem well before PHP 5.6, and they finally got removed.

The code you shared effectively emulates magic quotes if the magic quotes setting is turned off.

So to make your code work as before, all you have to do is remove if (!get_magic_quotes_gpc()) and make sure that the code within this block always runs.

However, since it emulates this feature with the associated security bugs, there's strong indication that your source is problematic. You should never have relied on this feature, and you should review all the code that does anything with database queries, or really anything in your source that relies on string escaping and verify them one by one. Don't rely on these hacky approaches to security.

Evert
  • 93,428
  • 18
  • 118
  • 189