Icy Phoenix

Old Support Topics - Magic Quotes And Add/strip Slashes To Be Deprecated

Hans [ Wed 28 Dec, 2011 15:31 ]
Post subject: Magic Quotes And Add/strip Slashes To Be Deprecated

mort wrote: [View Post]
I believe your biggest problem is paths?

This is your url:

http://thenortherntundra.com/viewtopic.php?f=3&t=1

Icy Phoenix is/was not designed to run in the root of your domain, although it can be made to do so.

Can I suggest that you remove all Icy Phoenix stuff from the root of your domain and create a folder "forum" (Or whatever you wish it to be) and upload all of Icy Phoenix to that folder and install it from there; so that you end up with something like this.

http://thenortherntundra.com/MyFolderName/viewtopic.php?f=3&t=1

It's the simplest way of avoiding all other problems in the future, when it comes to path issues - And in particular - .htaccess issues.

I thought that un-commenting this line from the .htaccess file was the only thing you needed to do when installing on root.
ea.

Code: [Hide] [Select]

RewriteEngine On

#This may cause issues with subdirs and so it is not enabled by default.

#RewriteBase /

becomes,

Code: [Hide] [Select]

RewriteEngine On

#This may cause issues with subdirs and so it is not enabled by default.

RewriteBase /

on a root directory install?

My forum is installed in the root dir.

mort [ Thu 29 Dec, 2011 08:51 ]
Post subject: Re: Images In Posts

I could point out some problems with having Icy htaccess in the root - But it's a bit pointless, as the last experience I had was with v27c (I think)

So no doubt I shall not be attempting to provide any other support in future because I have not been keeping up what's happened to Icy Phoenix since then - So it's time to move on again.

And what I mean by time to move on again - Counting both of my handles here, my total accumulative posts to date are 2,188 as I was trying to knock MG from the top spot and failed miserably.

Time for someone else to give it a try - But I guess it will never happen!

spydie [ Thu 29 Dec, 2011 16:53 ]
Post subject: Re: Images In Posts

hm. do you have magic_quotes_gpc on ??

as i see the Flags comented, but i´m not shure, since i don´t understand .htaccess files and rules very well.

anyway , this option should be on by default.

BTW there was a setting in ACP. images in posts, Upload should be set to ALL or Reg

and precompiled posts should be set OFF

mort [ Thu 29 Dec, 2011 21:19 ]
Post subject: Re: Images In Posts

I'm pretty sure Icy checks the status of magic_quotes_gpc before it adds slashes or not to prevent double-slashes etc.

And as I understand it magic_quotes_gpc wont exist in phpv6 and addslashes and stripslashes are to be deprecated and replaced with mysql_real_escape_string()

addslashes escapes: ', ", \, and NUL
mysql_real_escape_string escapes, in addition: \x00, \n, \r, and \x1a.

Edit:

And as for checking Magic Quotes etc, it should look something like this.

stripslashes or addslashes

Code: [Hide] [Select]

// escape variables

function escape($val){

	$val = trim($val);

	if(get_magic_quotes_gpc()) {

	$val = stripslashes($val);

	}

	 return mysql_real_escape_string($val);

}

Or just turn them off altogether in Icy Script.

Joshua203 [ Thu 29 Dec, 2011 22:37 ]
Post subject: Re: Images In Posts

If anyone would like me to split this topic just shout a new title and a location to put it, cause I think we're drifting away from devildog's support question imho

mort [ Fri 30 Dec, 2011 05:30 ]
Post subject: Magic Quotes And Add/strip Slashes To Be Deprecated

Read about this on google - - - Going to mean a lot of work for some people.

mort [ Fri 30 Dec, 2011 05:32 ]
Post subject: Re: Images In Posts

Cut it here Josh!

http://www.icyphoenix.com/viewtopic.php?p=54848#p54848

Joshua203 [ Fri 30 Dec, 2011 16:11 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

I hope this is how you meant it Mort ...

Hans [ Sat 31 Dec, 2011 07:11 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

LOL

I am lost. I should add little more info though.

The IcyPhoneix version I have installed in the root folder of my TLD is 1.3.0.53b, following I have attached my .htaccess from that website.

Spoiler: [ Show ]

Code: [Hide]

################################## 
#      Errors Pages - BEGIN      # 
################################## 
################################## 
# Decomment these lines to enable error document management. 
# You can add absolute path if you want always the correct path being parsed. 
# Something like: 
# ErrorDocument 400 http://www.icyphoenix.com/errors.php?code=400 
################################## 
ErrorDocument 400 /errors.php?code=400 
ErrorDocument 401 /errors.php?code=401 
ErrorDocument 403 /errors.php?code=403 
ErrorDocument 404 /errors.php?code=404 
#ErrorDocument 500 /errors.php?code=500 
################################## 
#       Errors Pages - END       # 
################################## 
 
 
<IfModule mod_deflate.c> 
    <IfModule mod_setenvif.c> 
        BrowserMatch ^Mozilla/4 gzip-only-text/html 
        BrowserMatch ^Mozilla/4\.0[678] no-gzip 
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html 
    </IfModule> 
    <IfModule mod_headers.c> 
        Header append Vary User-Agent env=!dont-vary 
    </IfModule> 
    <IfModule mod_filter.c> 
        AddOutputFilterByType DEFLATE text/css application/x-javascript text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon 
    </IfModule> 
</IfModule> 
<FilesMatch "\.(css|js|CSS|JS)$"> 
    FileETag None 
    <IfModule mod_headers.c> 
         Header set X-Powered-By "W3 Total Cache/0.9.2.3" 
    </IfModule> 
</FilesMatch> 
<FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$"> 
    FileETag None 
    <IfModule mod_headers.c> 
         Header set X-Powered-By "W3 Total Cache/0.9.2.3" 
    </IfModule> 
</FilesMatch> 
<FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SWF|TAR|TIF|TIFF|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$"> 
    FileETag None 
    <IfModule mod_headers.c> 
         Header set X-Powered-By "W3 Total Cache/0.9.2.3" 
    </IfModule> 
</FilesMatch> 
 
RewriteEngine On 
#This may cause issues with subdirs and so it is not enabled by default. 
RewriteBase / 
 
#Make sure the whole site goes to www.mysite.com instead of mysite.com. This is good for the search engines 
#Edit and uncomment the below lines for your own site. 
#Make sure to replace icyphoenix.com with your site address. 
RewriteCond %{HTTP_HOST} ^gplforum.com 
RewriteRule (.*) http://www.gplforum.com/$1 [R=301,L] 
 
#Permanent redirection (the first line is the old domain, the second one is the new domain) 
#RewriteCond %{HTTP_HOST} ^hfase.com [NC] 
#RewriteCond %{HTTP_HOST} ^www.hfase.com [NC] 
#RewriteRule ^(.*)$ http://www.gplforum.com.com/$1 [R=301,L] 
 
########## Rewrite rules to block out some common exploits - BEGIN 
# 
# Block out any script trying to set a mosConfig value through the URL 
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] 
# Block out any script trying to base64_encode crap to send via URL 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] 
# Block out any script that includes a <script> tag in URL 
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] 
# Block out any script trying to set a PHP GLOBALS variable via URL 
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] 
# Block out any script trying to modify a _REQUEST variable via URL 
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 
# Send all blocked request to homepage with 403 Forbidden error! 
RewriteRule ^(.*)$ index.php [F,L] 
# 
########## Rewrite rules to block out some common exploits - END 
 
########## URL Rewrite - BEGIN 
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*)-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&t=$2&p=$3 [L] 
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&t=$2 [L] 
RewriteRule ^.+-vf([0-9]*)-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&p=$2 [L] 
RewriteRule ^.+-vc([0-9]*) ./forum.php?%{QUERY_STRING}&c=$1 [L] 
RewriteRule ^.+-vf([0-9]*) ./viewforum.php?%{QUERY_STRING}&f=$1 [L] 
RewriteRule ^.+-vt([0-9]*) ./viewtopic.php?%{QUERY_STRING}&t=$1 [L] 
RewriteRule ^.+-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&p=$1 [L] 
 
RewriteRule ^.+-profile-u([0-9]*) ./profile.php?mode=viewprofile%{QUERY_STRING}&u=$1 [L] 
 
RewriteRule ^.+-ac([0-9]*) ./album_cat.php?%{QUERY_STRING}&cat_id=$1 [L] 
RewriteRule ^.+-aspf([0-9]*) ./album_showpage.php?%{QUERY_STRING}&pic_id=$1&full=true [L] 
RewriteRule ^.+-asp([0-9]*) ./album_showpage.php?%{QUERY_STRING}&pic_id=$1 [L] 
RewriteRule ^.+-aper([0-9]*) ./album_personal.php?%{QUERY_STRING}&user_id=$1 [L] 
RewriteRule ^.+-apic([0-9]*) ./album_pic.php?%{QUERY_STRING}&pic_id=$1 [L] 
RewriteRule ^.+-apm([0-9]*) ./album_picm.php?%{QUERY_STRING}&pic_id=$1 [L] 
RewriteRule ^.+-at([0-9]*) ./album_thumbnail.php?%{QUERY_STRING}&pic_id=$1 [L] 
 
RewriteRule ^.+-dc([0-9]*) ./dload.php?%{QUERY_STRING}action=category&cat_id=$1 [L] 
RewriteRule ^.+-df([0-9]*) ./dload.php?%{QUERY_STRING}action=file&file_id=$1 [L] 
 
RewriteRule ^.+-kbc([0-9]*) ./kb.php?%{QUERY_STRING}mode=cat&cat=$1 [L] 
RewriteRule ^.+-kba([0-9]*) ./kb.php?%{QUERY_STRING}mode=article&k=$1 [L] 
RewriteRule ^.+-kbsmp ./kb.php?mode=stats&stats=mostpopular [L] 
RewriteRule ^.+-kbstr ./kb.php?mode=stats&stats=toprated [L] 
RewriteRule ^.+-kbsl ./kb.php?mode=stats&stats=latest [L] 
RewriteRule ^.+-pbc([0-9]*) ./kb.php?%{QUERY_STRING}mode=cat&cat=$1 [L] 
RewriteRule ^.+-pa([0-9]*) ./kb.php?%{QUERY_STRING}mode=article&k=$1 [L] 
RewriteRule ^.+-psmp ./kb.php?mode=stats&stats=mostpopular [L] 
RewriteRule ^.+-pstr ./kb.php?mode=stats&stats=toprated [L] 
RewriteRule ^.+-pbsl ./kb.php?mode=stats&stats=latest [L] 
########## URL Rewrite - END 
 
# Block if useragent and referer are unknown. 
# the referer string can cause some problems with mozilla so it has been disabled 
#RewriteCond %{HTTP_REFERER} ^.*$ [OR] 
#RewriteCond %{HTTP_REFERER} ^-$ [OR] 
RewriteCond %{HTTP_USER_AGENT} ^-$ [OR] 
 
# You may want to enable these lines below to disallow php and perl scripts to access your site 
#RewriteCond %{HTTP_USER_AGENT} ^.*PHP.*$ [OR] 
RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^libwww.* [NC] 
RewriteRule .* - [F,L] 
 
#SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots 
#Deny from env=block_bad_bots 
 
### VIRUS - EXPLOITS - BEGIN 
# SANTY 
RewriteCond %{HTTP_REFERER} ^.*$ 
RewriteRule ^.*%27.*$ http://127.0.0.1/ [redirect,last] 
RewriteRule ^.*%25.*$ http://127.0.0.1/ [redirect,last] 
RewriteRule ^.*rush=.*$ http://127.0.0.1/ [redirect,last] 
RewriteRule ^.*echr.*$ http://127.0.0.1/ [redirect,last] 
RewriteRule ^.*esystem.*$ http://127.0.0.1/ [redirect,last] 
RewriteRule ^.*wget.*$ http://127.0.0.1/ [redirect,last] 
RewriteCond %{HTTP_COOKIE}% s:(.*):%22test1%22%3b 
RewriteRule ^.*$ http://127.0.0.1/ [R,L] 
 
# Prevent perl user agent (most often used by santy) 
RewriteCond %{HTTP_USER_AGENT} ^lwp.* [NC] 
RewriteRule ^.*$ http://127.0.0.1/ [R,L] 
 
# This ruleset is to "stop" stupid attempts to use MS IIS expolits on us 
# NIMDA 
RewriteCond %{REQUEST_URI} /(adminï¿½cmdï¿½httpodbcï¿½nsiislogï¿½rootï¿½shell)\.(dllï¿½exe) [NC] 
RewriteRule !(error\.php|robots\.txt) /error.php?mode=nimda [L,E=HTTP_USER_AGENT:NIMDA_EXPLOIT,T=application/x-httpd-cgi] 
 
# CODERED 
RewriteCond %{REQUEST_URI} /default\.(idaï¿½idq)$ [NC,OR] 
RewriteCond %{REQUEST_URI} /.*\.printer$ [NC] 
RewriteRule !(error\.php|robots\.txt) /error.php?mode=codered [L,E=HTTP_USER_AGENT:CODERED_EXPLOIT,T=application/x-httpd-cgi] 
### VIRUS - EXPLOITS - END 
 
# User-Agents with no privileges (mostly spambots/spybots/offline downloaders that ignore robots.txt) 
# These bots are anoying website harvesting tools, webdownloaders, and a few misc annoyances. 
 
# Rude Bots - BEGIN 
### All bots removed to speed up things in htaccess... 
# Rude Bots - END 
 
# SPAM Referers - BEGIN 
### All bots removed to speed up things in htaccess... 
# SPAM Referers - END 
 
# IE's "make available offline" mode 
RewriteCond %{HTTP_USER_AGENT} MSIECrawler [OR] 
 
# Various 
RewriteCond %{REQUEST_URI} ^/(bin/|cgi/|cgi\-local/|cgi\-bin/|sumthin) [NC,OR] 
RewriteCond %{THE_REQUEST} ^GET\ http [NC,OR] 
RewriteCond %{REQUEST_METHOD}!^(GET|HEAD|POST) [NC,OR] 
 
# Cyveillance is a spybot that scours the web for copyright violations and ?damaging information? on 
# behalf of clients such as the RIAA and MPAA. Their robot spoofs its User-Agent to look like Internet 
# Explorer, and it completely ignores robots.txt. So it has been banned it by IP address. 
RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9]|[34][0-9]|5[0-5])$ [OR] 
RewriteCond %{REMOTE_ADDR} ^63\.226\.3[34]\. [OR] 
RewriteCond %{REMOTE_ADDR} ^63\.212\.171\.161$ [OR] 
RewriteCond %{REMOTE_ADDR} ^65\.118\.41\.(19[2-9]|2[01][0-9]|22[0-3])$ [OR] 
 
# NameProtect peddles their ?online brand monitoring? to unsuspecting and gullible companies 
# looking for people to sue. Despite the claims on their robot information page, they do not 
# respect robots.txt; in fact, they spoof their User-Agent in multiple ways to avoid detection. 
# I have banned them by User-Agent and IP address. 
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR] 
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR] 
 
# This ruleset is for formmail script abusers... 
# We don't use Perl for Postnuke so this is not really needed. 
RewriteCond %{REQUEST_URI} (mail.?form|form|form.?mail|mail|mailto)\.(cgiï¿½exeï¿½pl)$ [NC] 
 
# Used to send these bots to someplace else you can change the url to whatever you would like 
#RewriteRule .* http://www.facebook.com/ [F,R,L] 
#RewriteRule /* http://www.geocities.com/WestHollywood/Heights/3204/1home.html [L,R] 
#RewriteRule !(errors\.php|robots\.txt) /errors.php?code=404 [L,E=HTTP_USER_AGENT:BAD_USER_AGENT] 
#RewriteRule !(errors\.php|robots\.txt) /errors.php?code=404 [L,E=HTTP_USER_AGENT:FORMMAIL_EXPLOIT,T=application/x-httpd-cgi] 
# This could also be used to simply deny access to your site instead of the one above 
#RewriteRule .* - [F,L] 

Notice that the rewite base is uncommented at line 55, this website is hosted on a shared server with GoDaddy. The URL if you wish to check that things are working is www.gplforum.com

I can't think of anything that I have had a problem with due to it being installed in the root folder, however if anyone knows of any problems with later versions please let me know.

Informpro [ Mon 02 Jan, 2012 21:03 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Never experienced any problem with RewriteBase to /, may it be with IcyPhoenix or my own websites.

mort [ Mon 02 Jan, 2012 23:02 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Oh Dear,

The problem is that in the past some of those people who had/have installed IP to the root of the public folder.

Then used cPanel or the likes to add "hot-linking, re-directs" etc, and the whole script in the .htaccess file has collapsed into one continuous line.

Doesn't work all that well when it's just one BIG - - LONG string of commands.

And no-one said it CAN'T work in the root of the public folder - it just needs to be adjusted in the manner that you two have gone on and on about.

Hans [ Wed 04 Jan, 2012 16:13 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Ahh! Thanks for explaining.

Yeah I don't use Cpanel for any of my websites, I have access to a form of it with my Godaddy host but I only use the economy service with them anyway. (so there is no need for virtual-hosts and so on)

For my local server I am a die-hard unix guy, so everything is done manually. For example; to keep everything clean on my server, I install everything to it's own directory (/var/www/IcyPhoenix_1.3...) so I know what version I am running and everything like that. On top of that everything get it's own database accordingly.

Mighty Gorgon [ Sun 08 Jan, 2012 19:52 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

I'm a bit lost in this topic... I still don't understand what the issue is.

If it is not solved yet, can you please try to explain again please?

Hans [ Sun 08 Jan, 2012 20:17 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Well this topic got split for some reason that I have yet to understand.

The original problem was here >> http://www.icyphoenix.com/viewtopic.php?f=2&t=8299

Not sure why it got split or what it has to do with the new title, but I have no problem.

Mighty Gorgon [ Sun 08 Jan, 2012 20:31 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

If there are no issues and everything is working fine... I have no issues then!

Joshua203 [ Sun 08 Jan, 2012 20:40 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Hans wrote: [View Post]
Well this topic got split for some reason that I have yet to understand.

I suggested splitting because we were drifting further offtopic from the initial support question Hans.

mort [ Tue 10 Jan, 2012 09:42 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Joshua203 wrote: [View Post]
Because we were drifting further off topic from the initial support question.

More like fell off the cliff?

But I thought I re-started this in General Chat, as I couldn't see much value in it being in General Support because it's more rambling than topical.

Hahahaha!

Joshua203 [ Tue 10 Jan, 2012 13:54 ]
Post subject: Re: Magic Quotes And Add/strip Slashes To Be Deprecated

Yeah later it got moved again, I guess by MG, I must admit I had the same thought but did not act on it