https://www.icyphoenix.com/viewtopic.php?f=35&t=8315
-----------------------------------
Hans
Wed 28 Dec, 2011 15:31

Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
[quote user="mort" post="54805"]I believe your biggest problem is paths? :(

This is your url:

http://thenortherntundra.com/viewtopic.php?f=3&t=1

Icy Phoenix is/was not designed to run in the root of your domain, although it can be made to do so.

Can I suggest that you remove all Icy Phoenix stuff from the root of your domain and create a folder "forum" (Or whatever you wish it to be) and upload all of Icy Phoenix to that folder and install it from there; so that you end up with something like this.

http://thenortherntundra.com/MyFolderName/viewtopic.php?f=3&t=1

It's the simplest way of avoiding all other problems in the future, when it comes to path issues - And in particular - .htaccess issues. ;)[/quote]

I thought that un-commenting this line from the .htaccess file was the only thing you needed to do when installing on root.
ea.
[code linenumbers=false]RewriteEngine On
#This may cause issues with subdirs and so it is not enabled by default.
#RewriteBase /[/code]
becomes,
[code linenumbers=false]RewriteEngine On
#This may cause issues with subdirs and so it is not enabled by default.
RewriteBase /[/code]
on a root directory install?

My forum is installed in the root dir.  :?


-----------------------------------
mort
Thu 29 Dec, 2011 08:51

Re: Images In Posts
-----------------------------------
I could point out some problems with having Icy htaccess in the root - But it's a bit pointless, as the last experience I had was with v27c [b][i](I think)[/i][/b] ;)

So no doubt I shall not be attempting to provide any other support in future because I have not been keeping up what's happened to Icy Phoenix since then - So it's time to move on again.   :P

And what I mean by [i]time to move on again [/i]- Counting both of my handles here, my total accumulative posts to date are 2,188 as I was trying to knock MG from the top spot and failed miserably.  :lol: 


[b][i][size=14]Time for someone else to give it a try - But I guess it will never happen! [/size][/i][/b] :mrgreen:


-----------------------------------
spydie
Thu 29 Dec, 2011 16:53

Re: Images In Posts
-----------------------------------
hm. do you have magic_quotes_gpc on ?? 

as i see the Flags comented, but i´m not shure, since i don´t understand .htaccess files and rules very well.

anyway , this option should be on by default.

BTW there was a setting in ACP. images in posts, Upload should be set to ALL or Reg

and precompiled posts should be set OFF


-----------------------------------
mort
Thu 29 Dec, 2011 21:19

Re: Images In Posts
-----------------------------------
I'm pretty sure Icy checks the status of magic_quotes_gpc before it adds slashes or not to prevent double-slashes etc.

And as I understand it magic_quotes_gpc wont exist in phpv6 and addslashes and stripslashes are to be deprecated and replaced with mysql_real_escape_string()


addslashes escapes: ', ", \, and NUL
mysql_real_escape_string escapes, in addition: \x00, \n, \r, and \x1a.

[b]Edit:[/b]

And as for checking Magic Quotes etc, it should look something like this.

stripslashes or addslashes

[code linenumbers=false]// escape variables
function escape($val){

	$val = trim($val);

	if(get_magic_quotes_gpc()) {
	$val = stripslashes($val);
	}
	 return mysql_real_escape_string($val);
}
[/code]


Or just turn them off altogether in Icy Script. ;)


-----------------------------------
Joshua203
Thu 29 Dec, 2011 22:37

Re: Images In Posts
-----------------------------------
If anyone would like me to split this topic just shout a new title and a location to put it, cause I think we're drifting away from devildog's support question imho  :lol:


-----------------------------------
mort
Fri 30 Dec, 2011 05:30

Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Read about this on google - - - Going to mean a lot of work for some people.  :mryellow:


-----------------------------------
mort
Fri 30 Dec, 2011 05:32

Re: Images In Posts
-----------------------------------
Cut it here Josh!  :mryellow: 

http://www.icyphoenix.com/viewtopic.php?p=54848#p54848


-----------------------------------
Joshua203
Fri 30 Dec, 2011 16:11

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
I hope this is how you meant it Mort ... :wink:


-----------------------------------
Hans
Sat 31 Dec, 2011 07:11

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
LOL

I am lost. I should add  little more info though.

The IcyPhoneix version I have installed in the root folder of my TLD is 1.3.0.53b, following I have attached my .htaccess from that website.
[spoiler][code linenumbers=true]##################################
#      Errors Pages - BEGIN      #
##################################
##################################
# Decomment these lines to enable error document management.
# You can add absolute path if you want always the correct path being parsed.
# Something like:
# ErrorDocument 400 http://www.icyphoenix.com/errors.php?code=400
##################################
ErrorDocument 400 /errors.php?code=400
ErrorDocument 401 /errors.php?code=401
ErrorDocument 403 /errors.php?code=403
ErrorDocument 404 /errors.php?code=404
#ErrorDocument 500 /errors.php?code=500
##################################
#       Errors Pages - END       #
##################################


<IfModule mod_deflate.c>
    <IfModule mod_setenvif.c>
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    </IfModule>
    <IfModule mod_headers.c>
        Header append Vary User-Agent env=!dont-vary
    </IfModule>
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE text/css application/x-javascript text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
    </IfModule>
</IfModule>
<FilesMatch "\.(css|js|CSS|JS)$">
    FileETag None
    <IfModule mod_headers.c>
         Header set X-Powered-By "W3 Total Cache/0.9.2.3"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
    FileETag None
    <IfModule mod_headers.c>
         Header set X-Powered-By "W3 Total Cache/0.9.2.3"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SWF|TAR|TIF|TIFF|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
    FileETag None
    <IfModule mod_headers.c>
         Header set X-Powered-By "W3 Total Cache/0.9.2.3"
    </IfModule>
</FilesMatch>

RewriteEngine On
#This may cause issues with subdirs and so it is not enabled by default.
RewriteBase /

#Make sure the whole site goes to www.mysite.com instead of mysite.com. This is good for the search engines
#Edit and uncomment the below lines for your own site.
#Make sure to replace icyphoenix.com with your site address.
RewriteCond %{HTTP_HOST} ^gplforum.com
RewriteRule (.*) http://www.gplforum.com/$1 [R=301,L]

#Permanent redirection (the first line is the old domain, the second one is the new domain)
#RewriteCond %{HTTP_HOST} ^hfase.com [NC]
#RewriteCond %{HTTP_HOST} ^www.hfase.com [NC]
#RewriteRule ^(.*)$ http://www.gplforum.com.com/$1 [R=301,L]

########## Rewrite rules to block out some common exploits - BEGIN
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## Rewrite rules to block out some common exploits - END

########## URL Rewrite - BEGIN
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*)-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&t=$2&p=$3 [L]
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&t=$2 [L]
RewriteRule ^.+-vf([0-9]*)-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&f=$1&p=$2 [L]
RewriteRule ^.+-vc([0-9]*) ./forum.php?%{QUERY_STRING}&c=$1 [L]
RewriteRule ^.+-vf([0-9]*) ./viewforum.php?%{QUERY_STRING}&f=$1 [L]
RewriteRule ^.+-vt([0-9]*) ./viewtopic.php?%{QUERY_STRING}&t=$1 [L]
RewriteRule ^.+-vp([0-9]*) ./viewtopic.php?%{QUERY_STRING}&p=$1 [L]

RewriteRule ^.+-profile-u([0-9]*) ./profile.php?mode=viewprofile%{QUERY_STRING}&u=$1 [L]

RewriteRule ^.+-ac([0-9]*) ./album_cat.php?%{QUERY_STRING}&cat_id=$1 [L]
RewriteRule ^.+-aspf([0-9]*) ./album_showpage.php?%{QUERY_STRING}&pic_id=$1&full=true [L]
RewriteRule ^.+-asp([0-9]*) ./album_showpage.php?%{QUERY_STRING}&pic_id=$1 [L]
RewriteRule ^.+-aper([0-9]*) ./album_personal.php?%{QUERY_STRING}&user_id=$1 [L]
RewriteRule ^.+-apic([0-9]*) ./album_pic.php?%{QUERY_STRING}&pic_id=$1 [L]
RewriteRule ^.+-apm([0-9]*) ./album_picm.php?%{QUERY_STRING}&pic_id=$1 [L]
RewriteRule ^.+-at([0-9]*) ./album_thumbnail.php?%{QUERY_STRING}&pic_id=$1 [L]

RewriteRule ^.+-dc([0-9]*) ./dload.php?%{QUERY_STRING}action=category&cat_id=$1 [L]
RewriteRule ^.+-df([0-9]*) ./dload.php?%{QUERY_STRING}action=file&file_id=$1 [L]

RewriteRule ^.+-kbc([0-9]*) ./kb.php?%{QUERY_STRING}mode=cat&cat=$1 [L]
RewriteRule ^.+-kba([0-9]*) ./kb.php?%{QUERY_STRING}mode=article&k=$1 [L]
RewriteRule ^.+-kbsmp ./kb.php?mode=stats&stats=mostpopular [L]
RewriteRule ^.+-kbstr ./kb.php?mode=stats&stats=toprated [L]
RewriteRule ^.+-kbsl ./kb.php?mode=stats&stats=latest [L]
RewriteRule ^.+-pbc([0-9]*) ./kb.php?%{QUERY_STRING}mode=cat&cat=$1 [L]
RewriteRule ^.+-pa([0-9]*) ./kb.php?%{QUERY_STRING}mode=article&k=$1 [L]
RewriteRule ^.+-psmp ./kb.php?mode=stats&stats=mostpopular [L]
RewriteRule ^.+-pstr ./kb.php?mode=stats&stats=toprated [L]
RewriteRule ^.+-pbsl ./kb.php?mode=stats&stats=latest [L]
########## URL Rewrite - END

# Block if useragent and referer are unknown.
# the referer string can cause some problems with mozilla so it has been disabled
#RewriteCond %{HTTP_REFERER} ^.*$ [OR]
#RewriteCond %{HTTP_REFERER} ^-$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^-$ [OR]

# You may want to enable these lines below to disallow php and perl scripts to access your site
#RewriteCond %{HTTP_USER_AGENT} ^.*PHP.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww.* [NC]
RewriteRule .* - [F,L]

#SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
#Deny from env=block_bad_bots

### VIRUS - EXPLOITS - BEGIN
# SANTY
RewriteCond %{HTTP_REFERER} ^.*$
RewriteRule ^.*%27.*$ http://127.0.0.1/ [redirect,last]
RewriteRule ^.*%25.*$ http://127.0.0.1/ [redirect,last]
RewriteRule ^.*rush=.*$ http://127.0.0.1/ [redirect,last]
RewriteRule ^.*echr.*$ http://127.0.0.1/ [redirect,last]
RewriteRule ^.*esystem.*$ http://127.0.0.1/ [redirect,last]
RewriteRule ^.*wget.*$ http://127.0.0.1/ [redirect,last]
RewriteCond %{HTTP_COOKIE}% s:(.*):%22test1%22%3b
RewriteRule ^.*$ http://127.0.0.1/ [R,L]

# Prevent perl user agent (most often used by santy)
RewriteCond %{HTTP_USER_AGENT} ^lwp.* [NC]
RewriteRule ^.*$ http://127.0.0.1/ [R,L]

# This ruleset is to "stop" stupid attempts to use MS IIS expolits on us
# NIMDA
RewriteCond %{REQUEST_URI} /(adminï¿½cmdï¿½httpodbcï¿½nsiislogï¿½rootï¿½shell)\.(dllï¿½exe) [NC]
RewriteRule !(error\.php|robots\.txt) /error.php?mode=nimda [L,E=HTTP_USER_AGENT:NIMDA_EXPLOIT,T=application/x-httpd-cgi]

# CODERED
RewriteCond %{REQUEST_URI} /default\.(idaï¿½idq)$ [NC,OR]
RewriteCond %{REQUEST_URI} /.*\.printer$ [NC]
RewriteRule !(error\.php|robots\.txt) /error.php?mode=codered [L,E=HTTP_USER_AGENT:CODERED_EXPLOIT,T=application/x-httpd-cgi]
### VIRUS - EXPLOITS - END

# User-Agents with no privileges (mostly spambots/spybots/offline downloaders that ignore robots.txt)
# These bots are anoying website harvesting tools, webdownloaders, and a few misc annoyances.

# Rude Bots - BEGIN
### All bots removed to speed up things in htaccess...
# Rude Bots - END

# SPAM Referers - BEGIN
### All bots removed to speed up things in htaccess...
# SPAM Referers - END

# IE's "make available offline" mode
RewriteCond %{HTTP_USER_AGENT} MSIECrawler [OR]

# Various
RewriteCond %{REQUEST_URI} ^/(bin/|cgi/|cgi\-local/|cgi\-bin/|sumthin) [NC,OR]
RewriteCond %{THE_REQUEST} ^GET\ http [NC,OR]
RewriteCond %{REQUEST_METHOD}!^(GET|HEAD|POST) [NC,OR]

# Cyveillance is a spybot that scours the web for copyright violations and ?damaging information? on
# behalf of clients such as the RIAA and MPAA. Their robot spoofs its User-Agent to look like Internet
# Explorer, and it completely ignores robots.txt. So it has been banned it by IP address.
RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9]|[34][0-9]|5[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^63\.226\.3[34]\. [OR]
RewriteCond %{REMOTE_ADDR} ^63\.212\.171\.161$ [OR]
RewriteCond %{REMOTE_ADDR} ^65\.118\.41\.(19[2-9]|2[01][0-9]|22[0-3])$ [OR]

# NameProtect peddles their ?online brand monitoring? to unsuspecting and gullible companies
# looking for people to sue. Despite the claims on their robot information page, they do not
# respect robots.txt; in fact, they spoof their User-Agent in multiple ways to avoid detection.
# I have banned them by User-Agent and IP address.
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]

# This ruleset is for formmail script abusers...
# We don't use Perl for Postnuke so this is not really needed.
RewriteCond %{REQUEST_URI} (mail.?form|form|form.?mail|mail|mailto)\.(cgiï¿½exeï¿½pl)$ [NC]

# Used to send these bots to someplace else you can change the url to whatever you would like
#RewriteRule .* http://www.facebook.com/ [F,R,L]
#RewriteRule /* http://www.geocities.com/WestHollywood/Heights/3204/1home.html [L,R]
#RewriteRule !(errors\.php|robots\.txt) /errors.php?code=404 [L,E=HTTP_USER_AGENT:BAD_USER_AGENT]
#RewriteRule !(errors\.php|robots\.txt) /errors.php?code=404 [L,E=HTTP_USER_AGENT:FORMMAIL_EXPLOIT,T=application/x-httpd-cgi]
# This could also be used to simply deny access to your site instead of the one above
#RewriteRule .* - [F,L][/code][/spoiler] 

Notice that the rewite base is uncommented at line [b]55[/b], this website is hosted on a shared server with GoDaddy. The URL if you wish to check that things are working is www.gplforum.com


I can't think of anything that I have had a problem with due to it being installed in the root folder, however if anyone knows of any problems with later versions please let me know.


-----------------------------------
Informpro
Mon 02 Jan, 2012 21:03

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Never experienced any problem with RewriteBase to /, may it be with IcyPhoenix or my own websites.


-----------------------------------
mort
Mon 02 Jan, 2012 23:02

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Oh Dear,

The problem is that in the past some of those people who had/have installed IP to the root of the public folder.

Then used cPanel or the likes to add "hot-linking, re-directs" etc, and the whole script in the .htaccess file has collapsed into one continuous line.

Doesn't work all that well when it's just one BIG - -  LONG string of commands. :P

And no-one said it CAN'T work in the root of the public folder - it just needs to be adjusted in the manner that you two have gone on and on about.


-----------------------------------
Hans
Wed 04 Jan, 2012 16:13

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Ahh! Thanks for explaining.

Yeah I don't use Cpanel for any of my websites, I have access to a form of it with my Godaddy host but I only use the economy service with them anyway. (so there is no need for virtual-hosts and so on)

For my local server I am a die-hard unix guy, so everything is done manually. For example; to keep everything clean on my server, I install everything to it's own directory (/var/www/IcyPhoenix_1.3...) so I know what version I am running and everything like that. On top of that everything get it's own database accordingly.


-----------------------------------
Mighty Gorgon
Sun 08 Jan, 2012 19:52

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
I'm a bit lost in this topic... I still don't understand what the issue is. :sad:

If it is not solved yet, can you please try to explain again please?


-----------------------------------
Hans
Sun 08 Jan, 2012 20:17

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Well this topic got split for some reason that I have yet to understand.

The original problem was  here >> http://www.icyphoenix.com/viewtopic.php?f=2&t=8299

Not sure why it got split or what it has to do with the new title, but I have no problem.


-----------------------------------
Mighty Gorgon
Sun 08 Jan, 2012 20:31

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
If there are no issues and everything is working fine... I have no issues then! :mri:


-----------------------------------
Joshua203
Sun 08 Jan, 2012 20:40

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
[quote user="Hans" post="54968"]Well this topic got split for some reason that I have yet to understand.[/quote]

I suggested splitting because we were drifting further offtopic from the initial support question Hans.


-----------------------------------
mort
Tue 10 Jan, 2012 09:42

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
[quote user="Joshua203" post="54975"]Because we were drifting further off topic from the initial support question.[/quote]

More like fell off the cliff?  :lol: 

But I thought I re-started this in General Chat, as I couldn't see much value in it being in General Support because it's more rambling than topical.

[b]Hahahaha![/b]  :P


-----------------------------------
Joshua203
Tue 10 Jan, 2012 13:54

Re: Magic Quotes And Add/strip Slashes To Be Deprecated
-----------------------------------
Yeah later it got moved again, I guess by MG, I must admit I had the same thought but did not act on it  :mryellow: