ServicesParserURLEncoded->parse() mangles data when magic quotes enabled [#2123447]

Drupal uses fix_gpc_magic() to compensate for web-server environments that have "magic quotes" enabled, such that $_POST data are always extracted consistently. However, the parse_str() method that is used by ServicesParserURLEncoded->parse() does not apply the same kind of compensation, which leads to inconsistent data parsing when the same resource is deployed in environments that are configured differently. Currently, values that contain single or double quotes will get mangled on some machines before the data arguments reach a resource callback method.

The ServicesParserURLEncoded->parse() method must always extract the data values the same way, irrespective of the get_magic_quotes_gpc() configuration.

Comment	File	Size	Author
#3	services-servicesparserurlencoded_mangles_data-2123447-3.patch	847 bytes	Tiaan
#3
#1	servicesparserurlencoded_mangles_data-2123447-1.patch	847 bytes	Tiaan
#1

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

Tiaan CreditAttribution: Tiaan commented 30 October 2013 at 18:44

Status:

Active

» Needs review

File	Size
servicesparserurlencoded_mangles_data-2123447-1.patch	847 bytes

The attached patch uses drupal_get_query_array(), instead of parse_str(), which works irrespective of the specific "magic quotes" settings of a website.

Comment #2

30 October 2013 at 18:52

Status:

Needs review

» Needs work

The last submitted patch, servicesparserurlencoded_mangles_data-2123447-1.patch, failed testing.

Comment #3

Tiaan CreditAttribution: Tiaan commented 1 November 2013 at 14:37

Version:	7.x-3.5	» 7.x-3.x-dev
Issue summary:	View changes
Status:	Needs work	» Needs review

File	Size
services-servicesparserurlencoded_mangles_data-2123447-3.patch	847 bytes

1 file was hidden/shown/deleted

File	Size
servicesparserurlencoded_mangles_data-2123447-1.patch	847 bytes

Attached is the same patch as before, except for being renamed to have the project name as prefix, and targeting the 3.x-dev branch.

Comment #4

marcingy CreditAttribution: marcingy commented 10 November 2013 at 16:48

Status:

Needs review

» Reviewed & tested by the community

Comment #5

ygerasimov CreditAttribution: ygerasimov commented 12 December 2013 at 18:02

Status:

Reviewed & tested by the community

» Fixed

Committed. Thanks.

Comment #6

kylebrowning CreditAttribution: kylebrowning commented 18 December 2013 at 22:29

Hrmm, this is breaking all of my tests locally.

Comment #7

kylebrowning CreditAttribution: kylebrowning commented 18 December 2013 at 22:39

Status:

Fixed

» Needs work

Ive rolled this back, because its breaking my tests and I cannot seem to get it to pass on my local.

If you turn off magic quotes, the tests break, so this fix is not finished.

Comment #8

18 December 2013 at 22:58

The last submitted patch, 3: services-servicesparserurlencoded_mangles_data-2123447-3.patch, failed testing.

Comment #9

ygerasimov CreditAttribution: ygerasimov commented 31 December 2013 at 12:30

Status:

Needs work

» Closed (won't fix)

Sorry for committing. If this breaks tests lets close this issue with won't fix status. It is pretty easy to override this part for custom implementation.