PHP magic_quotes_gpc setting

Hi,

some of my clients are reporting that Joomla gives them following warning message:

[LEFT] Following PHP Server Settings are not optimal for Security and it is recommended to change them:

  • PHP magic_quotes_gpc setting is `OFF` instead of `ON`Please check the Official Joomla! Server Security post for more information. [/LEFT]

    I haven’t touched PHP settings to make sure everything works as expected by Interworx-CP. What is the right solution and/or value for this PHP settings variable, as recommended by Interworx?

    Thanks,

    Muad

  • This is really messy. You can turn on magic_quotes_gpc per-domain in the confiugration file, per diretory using .htaccess (in both cases “php_flag magic_quotes_gpc On”) or in php.ini.

    magic_quotes_gpc is an attempt to protect people from themselves. It escapes incoming data to help prevent SQL injection and such. The problem is, software that does what it should do and attempts to sanitize incoming data can cause problems if magic_quotes_gpc is on. Things get double escaped unless detection is used, in which case things get slightly messier :slight_smile:

    If magic_quotes_gpc should be on or not is a matter of opinion. I say no, others say yes.