Drupal uses fix_gpc_magic() to compensate for web-server environments that have "magic quotes" enabled, such that $_POST data are always extracted consistently. However, the parse_str() method that is used by ServicesParserURLEncoded->parse() does not apply the same kind of compensation, which leads to inconsistent data parsing when the same resource is deployed in environments that are configured differently. Currently, values that contain single or double quotes will get mangled on some machines before the data arguments reach a resource callback method.
The ServicesParserURLEncoded->parse() method must always extract the data values the same way, irrespective of the get_magic_quotes_gpc() configuration.
Comment | File | Size | Author |
---|---|---|---|
#3 | services-servicesparserurlencoded_mangles_data-2123447-3.patch | 847 bytes | Tiaan |
Comments
Comment #1
Tiaan CreditAttribution: Tiaan commentedThe attached patch uses drupal_get_query_array(), instead of parse_str(), which works irrespective of the specific "magic quotes" settings of a website.
Comment #3
Tiaan CreditAttribution: Tiaan commentedAttached is the same patch as before, except for being renamed to have the project name as prefix, and targeting the 3.x-dev branch.
Comment #4
marcingy CreditAttribution: marcingy commentedComment #5
ygerasimov CreditAttribution: ygerasimov commentedCommitted. Thanks.
Comment #6
kylebrowning CreditAttribution: kylebrowning commentedHrmm, this is breaking all of my tests locally.
Comment #7
kylebrowning CreditAttribution: kylebrowning commentedIve rolled this back, because its breaking my tests and I cannot seem to get it to pass on my local.
If you turn off magic quotes, the tests break, so this fix is not finished.
Comment #9
ygerasimov CreditAttribution: ygerasimov commentedSorry for committing. If this breaks tests lets close this issue with won't fix status. It is pretty easy to override this part for custom implementation.