The problem seems to have something to do with settings for so called magic quotes. I have been advised and I quote:
*This is a recent Hostmonster and Bluehost server issue*
*In php.ini change this*
*; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off*
But now I have another problem. As soon as I try to save a block I get a message similar to the following regardless of browser used. The wording in Chrome is:
* The changes you made will be lost when you leave this page. Are you sure you want to leave this page? [with choices] Leave this page? Stay on this page?*
Any experience with this?
*Thanks *
*Tony *
* *
On Fri, Apr 27, 2012 at 5:45 PM, Ms. Nancy Wichmann nan_wich@bellsouth.netwrote:
I have never encountered this. The first place I would look is the filters that are part of the input format. That's why I suggested creating an input format with no filters.
*Nancy* Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
*From:* Anthony tony@tony-mac.com *To:* support@drupal.org; Ms. Nancy Wichmann nan_wich@bellsouth.net *Sent:* Friday, April 27, 2012 5:37 PM *Subject:* Re: [support] Strange characters in source of block
Yes am admin. Have disabled wysiwyg. Have disabled CKEditor. Have even tried to set the filter to Display Suite Code, plus all the other filters. Have disabled pathlogic. Something is still inserting the backslashes before quotation marks. Could I have chosen some option somewhere that would do this? Crazy.
One other thing with this backslash situation:
I looked in the log and find some entries I can not explain. I know I was sitting in a pub drinking beer with a buddy on the 26th from 6-9.
Yet the log says an anonymous user was running cron at 19:33. Is this something automatically run? Then the message about an image not being able to be generated sounds like one of the errors I had when I was trying to fix the backslash problem. I certainly wasn't awake at 2 in the morning. Not having much experience at all with the logging system in Drupal I really don't know how to explain. (yes my time zone settings are set to west coast.) Here just a few of the entries.
cron 04/27/2012 - 09:48 Cron run completed. Anonymous (not verified) image 04/27/2012 - 06:37 Unable to generate the derived image located at... Anonymous (not verified) page not found 04/27/2012 - 02:20 node/7 Anonymous (not verified) cron 04/27/2012 - 00:52 Cron run completed. Anonymous (not verified) page not found 04/27/2012 - 00:52 node/11 Anonymous (not verified) image 04/26/2012 - 23:15 Unable to generate the derived image located at... Anonymous (not verified) cron 04/26/2012 - 19:33 Cron run completed. Anonymous (not verified) page not found 04/26/2012 - 19:33 * Anonymous (not verified) image 04/26/2012 - 19:10 Unable to generate the derived image located at... Anonymous (not verified) cron 04/26/2012 - 15:51 Cron run completed. Anonymous (not verified)
Tony
On Sat, Apr 28, 2012 at 11:47 AM, Anthony tony@tony-mac.com wrote:
The problem seems to have something to do with settings for so called magic quotes. I have been advised and I quote:
*This is a recent Hostmonster and Bluehost server issue*
*In php.ini change this*
*; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off*
But now I have another problem. As soon as I try to save a block I get a message similar to the following regardless of browser used. The wording in Chrome is:
- The changes you made will be lost when you leave this page. Are you
sure you want to leave this page? [with choices] Leave this page? Stay on this page?*
Any experience with this?
*Thanks
*Tony
On Fri, Apr 27, 2012 at 5:45 PM, Ms. Nancy Wichmann < nan_wich@bellsouth.net> wrote:
I have never encountered this. The first place I would look is the filters that are part of the input format. That's why I suggested creating an input format with no filters.
*Nancy* Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
*From:* Anthony tony@tony-mac.com *To:* support@drupal.org; Ms. Nancy Wichmann nan_wich@bellsouth.net *Sent:* Friday, April 27, 2012 5:37 PM *Subject:* Re: [support] Strange characters in source of block
Yes am admin. Have disabled wysiwyg. Have disabled CKEditor. Have even tried to set the filter to Display Suite Code, plus all the other filters. Have disabled pathlogic. Something is still inserting the backslashes before quotation marks. Could I have chosen some option somewhere that would do this? Crazy.
--
*Anthony Stefan Maciejowski*
On Sun, Apr 29, 2012 at 12:26 AM, Anthony tony@tony-mac.com wrote:
One other thing with this backslash situation:
I looked in the log and find some entries I can not explain. I know I was sitting in a pub drinking beer with a buddy on the 26th from 6-9.
Yet the log says an anonymous user was running cron at 19:33. Is this
The cron process would run as the anonymous user from the crontab entry, I assume you have one setup in your cPanel.
something automatically run? Then the message about an image not being able to be generated sounds like one of the errors I had when I was trying to fix the backslash problem. I certainly wasn't awake at 2 in the morning. Not having much experience at all with the logging system in Drupal I really don't know how to explain. (yes my time zone settings are set to west coast.) Here just a few of the entries.
cron 04/27/2012 - 09:48 Cron run completed. Anonymous (not verified)
Generated by the cron run, which is OK.
image 04/27/2012 - 06:37 Unable to generate the derived image located at... Anonymous (not verified)
Generated by some module, I don't know if it is good or not.
page not found 04/27/2012 - 02:20 node/7 Anonymous (not verified)
Someone accessed node/7 and it doesn't exist.
cron 04/27/2012 - 00:52 Cron run completed. Anonymous (not verified)
See above.
page not found 04/27/2012 - 00:52 node/11 Anonymous (not verified)
Someone accessed node/11 and it doesn't exist.
image 04/26/2012 - 23:15 Unable to generate the derived image located at... Anonymous (not verified)
See above.
I don't see anything in the operation here that would cause the " or " entries. Note that \ is prepended to " before saving it in the DB via http://us3.php.net/mysql_real_escape_string and is supposed to be in the DB data if that is where you are checking it.
BlueHost just redeployed some servers and MagicQuotes seems to be everywhere. COMPLAIN TO THEM! (Like I did)
Joel
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Monday, April 30, 2012 8:11 AM To: support@drupal.org Subject: Re: [support] Strange characters in source of block
On Sun, Apr 29, 2012 at 12:26 AM, Anthony tony@tony-mac.com wrote:
One other thing with this backslash situation:
I looked in the log and find some entries I can not explain. I know I was sitting in a pub drinking beer with a buddy on the 26th from 6-9.
Yet the log says an anonymous user was running cron at 19:33. Is this
The cron process would run as the anonymous user from the crontab entry, I assume you have one setup in your cPanel.
something automatically run? Then the message about an image not being able to be generated sounds like one of the errors I had when I was trying to fix the backslash problem. I certainly wasn't awake at 2 in the morning. Not having much experience at all with the logging system in Drupal I really don't know how to explain. (yes my time zone settings are set to west coast.) Here just a few of the entries.
cron 04/27/2012 - 09:48 Cron run completed. Anonymous (not verified)
Generated by the cron run, which is OK.
image 04/27/2012 - 06:37 Unable to generate the derived image located at... Anonymous (not verified)
Generated by some module, I don't know if it is good or not.
page not found 04/27/2012 - 02:20 node/7 Anonymous (not verified)
Someone accessed node/7 and it doesn't exist.
cron 04/27/2012 - 00:52 Cron run completed. Anonymous (not verified)
See above.
page not found 04/27/2012 - 00:52 node/11 Anonymous (not verified)
Someone accessed node/11 and it doesn't exist.
image 04/26/2012 - 23:15 Unable to generate the derived image located at... Anonymous (not verified)
See above.
I don't see anything in the operation here that would cause the " or " entries. Note that \ is prepended to " before saving it in the DB via http://us3.php.net/mysql_real_escape_string and is supposed to be in the DB data if that is where you are checking it.
-- Earnie -- https://sites.google.com/site/earnieboyd -- [ Drupal support list | http://lists.drupal.org/ ]
I got this blurb from Bluehost:
"Some versions of Drupal have begun to display this problem with internal character escaping functionality. I suggest you contact their support, community forums or documentation if you wish a final answer as to the cause. Fixing the issue is very simple, you have two options stop the escape characters from being inserted:
1.
Change to PHP 5.3 and update your Drupal installation to the most recent version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes. 2.
You may also disable magic_quotes_gpc in the php.ini. This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Note, the magic_quotes_gpc line may exist more than once, if so, duplicates should be removed."
On Mon, Apr 30, 2012 at 6:59 AM, Joel Willers joel.willers@sigler.comwrote:
BlueHost just redeployed some servers and MagicQuotes seems to be everywhere. COMPLAIN TO THEM! (Like I did)
Joel
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Monday, April 30, 2012 8:11 AM To: support@drupal.org Subject: Re: [support] Strange characters in source of block
On Sun, Apr 29, 2012 at 12:26 AM, Anthony tony@tony-mac.com wrote:
One other thing with this backslash situation:
I looked in the log and find some entries I can not explain. I know I was sitting in a pub drinking beer with a buddy on the 26th from 6-9.
Yet the log says an anonymous user was running cron at 19:33. Is this
The cron process would run as the anonymous user from the crontab entry, I assume you have one setup in your cPanel.
something automatically run? Then the message about an image not being able to be generated sounds like one of the errors I had when I was trying to fix the backslash problem. I certainly wasn't awake at 2 in the morning. Not having much experience at all with the logging system in Drupal I really don't know how to explain. (yes my time zone settings are set to west coast.) Here just a few of the entries.
cron 04/27/2012 - 09:48 Cron run completed. Anonymous (not verified)
Generated by the cron run, which is OK.
image 04/27/2012 - 06:37 Unable to generate the derived image located
at...
Anonymous (not verified)
Generated by some module, I don't know if it is good or not.
page not found 04/27/2012 - 02:20 node/7 Anonymous (not verified)
Someone accessed node/7 and it doesn't exist.
cron 04/27/2012 - 00:52 Cron run completed. Anonymous (not verified)
See above.
page not found 04/27/2012 - 00:52 node/11 Anonymous (not verified)
Someone accessed node/11 and it doesn't exist.
image 04/26/2012 - 23:15 Unable to generate the derived image located
at...
Anonymous (not verified)
See above.
I don't see anything in the operation here that would cause the " or " entries. Note that \ is prepended to " before saving it in the DB via http://us3.php.net/mysql_real_escape_string and is supposed to be in the DB data if that is where you are checking it.
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
[ Drupal support list | http://lists.drupal.org/ ]
On Mon, Apr 30, 2012 at 12:15 PM, Anthony tony@tony-mac.com wrote:
I got this blurb from Bluehost:
"Some versions of Drupal have begun to display this problem with internal character escaping functionality. I suggest you contact their support, community forums or documentation if you wish a final answer as to the cause. Fixing the issue is very simple, you have two options stop the escape characters from being inserted:
Change to PHP 5.3 and update your Drupal installation to the most recent version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
You may also disable magic_quotes_gpc in the php.ini. This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Note, the magic_quotes_gpc line may exist more than once, if so, duplicates should be removed."
As I said earlier, magic_quotes_gpc is turned off by the default .htaccess given to you in the core Drupal site. The only way that this is not being used is if BlueHost has rebuilt PHP to disallow the .htaccess setting of magic_quotes_gpc. Also, note, that magic_quotes_gpc is removed from more current releases of PHP so depending on it is not a good thing. I now need to check my sites I suppose but I haven't had any noticeable issues yet.
Thanks. Still don't know why the problem surfaced.
On Mon, Apr 30, 2012 at 12:18 PM, Earnie Boyd earnie@users.sourceforge.netwrote:
On Mon, Apr 30, 2012 at 12:15 PM, Anthony tony@tony-mac.com wrote:
I got this blurb from Bluehost:
"Some versions of Drupal have begun to display this problem with internal character escaping functionality. I suggest you contact their support, community forums or documentation if you wish a final answer as to the cause. Fixing the issue is very simple, you have two options stop the
escape
characters from being inserted:
Change to PHP 5.3 and update your Drupal installation to the most recent version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the
changes.
You may also disable magic_quotes_gpc in the php.ini. This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Note, the magic_quotes_gpc line may exist more than once, if so,
duplicates
should be removed."
As I said earlier, magic_quotes_gpc is turned off by the default .htaccess given to you in the core Drupal site. The only way that this is not being used is if BlueHost has rebuilt PHP to disallow the .htaccess setting of magic_quotes_gpc. Also, note, that magic_quotes_gpc is removed from more current releases of PHP so depending on it is not a good thing. I now need to check my sites I suppose but I haven't had any noticeable issues yet.
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
There was some chatter on Twitter about this happening on HostMonster suddenly on Friday. Apparently them and BlueHost are connected. I've got a couple client sites that haven't seen the problems yet, but it makes you wonder if they aren't rolling out some change.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 4/30/2012 3:18 PM, Earnie Boyd wrote:
On Mon, Apr 30, 2012 at 12:15 PM, Anthonytony@tony-mac.com wrote:
I got this blurb from Bluehost:
"Some versions of Drupal have begun to display this problem with internal character escaping functionality. I suggest you contact their support, community forums or documentation if you wish a final answer as to the cause. Fixing the issue is very simple, you have two options stop the escape characters from being inserted:
Change to PHP 5.3 and update your Drupal installation to the most recent version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
You may also disable magic_quotes_gpc in the php.ini. This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Note, the magic_quotes_gpc line may exist more than once, if so, duplicates should be removed."
As I said earlier, magic_quotes_gpc is turned off by the default .htaccess given to you in the core Drupal site. The only way that this is not being used is if BlueHost has rebuilt PHP to disallow the .htaccess setting of magic_quotes_gpc. Also, note, that magic_quotes_gpc is removed from more current releases of PHP so depending on it is not a good thing. I now need to check my sites I suppose but I haven't had any noticeable issues yet.
On Mon, Apr 30, 2012 at 3:56 PM, Jamie Holly hovercrafter@earthlink.net wrote:
There was some chatter on Twitter about this happening on HostMonster suddenly on Friday. Apparently them and BlueHost are connected. I've got a couple client sites that haven't seen the problems yet, but it makes you wonder if they aren't rolling out some change.
I'm on BlueHost and don't see a problem yet. I've a D6 site that is aggregating RSS into nodes and they are usually filled with quote characters.
I'm on BlueHost and I experienced the problem on an updated installation of D7 and D6. It was very annoying, and the fact that Drupal automatically turns it off really made it difficult to diagnose. Sadly, Drupal's attempts to turn it off failed, and I needed to edit the php.ini file in the server root to turn it off. Simple enough, but it sure was a pain to figure out. It's all better now, though.
Joel
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Tuesday, May 01, 2012 7:01 AM To: support@drupal.org Subject: Re: [support] Strange characters in source of block
On Mon, Apr 30, 2012 at 3:56 PM, Jamie Holly hovercrafter@earthlink.net wrote:
There was some chatter on Twitter about this happening on HostMonster suddenly on Friday. Apparently them and BlueHost are connected. I've got a couple client sites that haven't seen the problems yet, but it makes you wonder if they aren't rolling out some change.
I'm on BlueHost and don't see a problem yet. I've a D6 site that is aggregating RSS into nodes and they are usually filled with quote characters.
-- Earnie -- https://sites.google.com/site/earnieboyd -- [ Drupal support list | http://lists.drupal.org/ ]
Bluehost mail to me "Hi, It is a drupal problem in the fact that drupal was written to work on a centos environment and that a change from centos 5 to centos 6 results in the problems you experienced. Its a known bug with drupal and yes, we did make the upgrade, but it is still a drupal issue with the centos 6 environment.
You have two options to stop the escape characters from being inserted:
1. Change to PHP 5.3 and update your Drupal installation to the most recent version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
2. You may also disable magic_quotes_gpc in the php.ini. This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Here is a thread on the drupal forums themselves that goes more into detail about the problem and some fixes: http://drupal.org/node/1437998 " Tony
On Tue, May 1, 2012 at 6:28 AM, Joel Willers joel.willers@sigler.comwrote:
I'm on BlueHost and I experienced the problem on an updated installation of D7 and D6. It was very annoying, and the fact that Drupal automatically turns it off really made it difficult to diagnose. Sadly, Drupal's attempts to turn it off failed, and I needed to edit the php.ini file in the server root to turn it off. Simple enough, but it sure was a pain to figure out. It's all better now, though.
Joel
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Tuesday, May 01, 2012 7:01 AM To: support@drupal.org Subject: Re: [support] Strange characters in source of block
On Mon, Apr 30, 2012 at 3:56 PM, Jamie Holly hovercrafter@earthlink.net wrote:
There was some chatter on Twitter about this happening on HostMonster suddenly on Friday. Apparently them and BlueHost are connected. I've got a couple client sites that haven't seen the problems yet, but it makes you wonder if they aren't rolling out some change.
I'm on BlueHost and don't see a problem yet. I've a D6 site that is aggregating RSS into nodes and they are usually filled with quote characters.
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
[ Drupal support list | http://lists.drupal.org/ ]
If you do not already have a php.ini file in your Drupal root follow these simple steps from Christopher to override the setting and turn off magic quotes...
If do not have a php.ini file in your Drupal roothttp://drupal.org/node/1437998#comment-5940550 Posted by Christopher Jam... http://drupal.org/user/495096 on *May 1, 2012 at 6:38am*
- Create a blank text file and add the line: magic_quotes_gpc = Off
- Save the text file as "php.ini" (without the double quotes)
- Upload the php.ini file to your Drupal root directory.
On Tue, May 1, 2012 at 12:17 PM, Anthony tony@tony-mac.com wrote:
Bluehost mail to me "Hi, It is a drupal problem in the fact that drupal was written to work on a centos environment and that a change from centos 5 to centos 6 results in the problems you experienced. Its a known bug with drupal and yes, we did make the upgrade, but it is still a drupal issue with the centos 6 environment.
You have two options to stop the escape characters from being inserted:
- Change to PHP 5.3 and update your Drupal installation to the most
recent version. This can be done in the PHP Config section of the cPanel.
Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
- You may also disable magic_quotes_gpc in the php.ini.
This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Here is a thread on the drupal forums themselves that goes more into detail about the problem and some fixes: http://drupal.org/node/1437998 " Tony
On Tue, May 1, 2012 at 6:28 AM, Joel Willers joel.willers@sigler.comwrote:
I'm on BlueHost and I experienced the problem on an updated installation of D7 and D6. It was very annoying, and the fact that Drupal automatically turns it off really made it difficult to diagnose. Sadly, Drupal's attempts to turn it off failed, and I needed to edit the php.ini file in the server root to turn it off. Simple enough, but it sure was a pain to figure out. It's all better now, though.
Joel
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Tuesday, May 01, 2012 7:01 AM To: support@drupal.org Subject: Re: [support] Strange characters in source of block
On Mon, Apr 30, 2012 at 3:56 PM, Jamie Holly hovercrafter@earthlink.net wrote:
There was some chatter on Twitter about this happening on HostMonster suddenly on Friday. Apparently them and BlueHost are connected. I've got a couple client sites that haven't seen the problems yet, but it makes you wonder if they aren't rolling out some change.
I'm on BlueHost and don't see a problem yet. I've a D6 site that is aggregating RSS into nodes and they are usually filled with quote characters.
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
[ Drupal support list | http://lists.drupal.org/ ]
--
*Anthony Stefan Maciejowski*
-- [ Drupal support list | http://lists.drupal.org/ ]
On Tue, May 1, 2012 at 12:17 PM, Anthony tony@tony-mac.com wrote:
Bluehost mail to me "Hi, It is a drupal problem in the fact that drupal was written to work on a centos environment and that a change from centos 5 to centos 6 results in the problems you experienced. Its a known bug with drupal and yes, we did make the upgrade, but it is still a drupal issue with the centos 6 environment.
You have two options to stop the escape characters from being inserted:
- Change to PHP 5.3 and update your Drupal installation to the most recent
version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
- You may also disable magic_quotes_gpc in the php.ini.
This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Here is a thread on the drupal forums themselves that goes more into detail about the problem and some fixes: http://drupal.org/node/1437998 "
Just as I thought, the forum entry you note proves to me that BlueHost is blowing smoke. The issue is really that PHP has the bug. There are two workarounds. The best being updating php.ini file. The second being removing the php_flag magic_quotes_gpc setting in .htaccess. Also note that PHP 5.4 no longer has this setting.
That's really funny. I've updated quiet a few servers from CentOS 5 to CentOS 6 that run Drupal and this hasn't happened. Yeah BlueHost is blowing smoke big time.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 5/1/2012 1:47 PM, Earnie Boyd wrote:
On Tue, May 1, 2012 at 12:17 PM, Anthonytony@tony-mac.com wrote:
Bluehost mail to me "Hi, It is a drupal problem in the fact that drupal was written to work on a centos environment and that a change from centos 5 to centos 6 results in the problems you experienced. Its a known bug with drupal and yes, we did make the upgrade, but it is still a drupal issue with the centos 6 environment.
You have two options to stop the escape characters from being inserted:
- Change to PHP 5.3 and update your Drupal installation to the most recent
version. This can be done in the PHP Config section of the cPanel. Simply click on the radio button to the left of PHP 5.3 or PHP 5.3 Single (depending on which php.ini behavior you prefer) and then save the changes.
- You may also disable magic_quotes_gpc in the php.ini.
This is done by finding the php.ini that applies to your Drupal installation in the File Manager, and Editing it. Once inside, search (the ctrl+f find function is recommended) for the line magic_quotes_gpc=On and set this variable to magic_quotes_gpc=Off
Here is a thread on the drupal forums themselves that goes more into detail about the problem and some fixes: http://drupal.org/node/1437998 "
Just as I thought, the forum entry you note proves to me that BlueHost is blowing smoke. The issue is really that PHP has the bug. There are two workarounds. The best being updating php.ini file. The second being removing the php_flag magic_quotes_gpc setting in .htaccess. Also note that PHP 5.4 no longer has this setting.
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
On Mon, Apr 30, 2012 at 6:11 AM, Earnie Boyd earnie@users.sourceforge.netwrote:
On Sun, Apr 29, 2012 at 12:26 AM, Anthony tony@tony-mac.com wrote:
One other thing with this backslash situation:
I looked in the log and find some entries I can not explain. I know I was sitting in a pub drinking beer with a buddy on the 26th from 6-9.
Yet the log says an anonymous user was running cron at 19:33. Is this
The cron process would run as the anonymous user from the crontab entry, I assume you have one setup in your cPanel.
something automatically run? Then the message about an image not being
able
to be generated sounds like one of the errors I had when I was trying to
fix
the backslash problem. I certainly wasn't awake at 2 in the morning. Not having much experience at all with the logging system in Drupal I really don't know how to explain. (yes my time zone settings are set to west coast.) Here just a few of the entries.
cron 04/27/2012 - 09:48 Cron run completed. Anonymous (not verified)
Generated by the cron run, which is OK.
image 04/27/2012 - 06:37 Unable to generate the derived image located
at...
Anonymous (not verified)
Generated by some module, I don't know if it is good or not.
page not found 04/27/2012 - 02:20 node/7 Anonymous (not verified)
Someone accessed node/7 and it doesn't exist.
cron 04/27/2012 - 00:52 Cron run completed. Anonymous (not verified)
See above.
page not found 04/27/2012 - 00:52 node/11 Anonymous (not verified)
Someone accessed node/11 and it doesn't exist.
image 04/26/2012 - 23:15 Unable to generate the derived image located
at...
Anonymous (not verified)
See above.
I don't see anything in the operation here that would cause the " or " entries. Note that \ is prepended to " before saving it in the DB via http://us3.php.net/mysql_real_escape_string and is supposed to be in the DB data if that is where you are checking it.
-- Earnie
-- https://sites.google.com/site/earnieboyd
[ Drupal support list | http://lists.drupal.org/ ]
a comment about magic quotes from the drupal LA group ( http://groups.drupal.org/node/227548#comment-745338) "
We are writing php code using AMP stacks locally. We I first tried to do an INSERT to the MySQL database for user input, it would error out because MySQL uses single quotes as well to define the start and end of the string values.
Turning on the magic_quotes_gpc setting in PHP places a backslash character in front of any single or double quote character in data retrieved from a form. The backslash character tells MySQL to treat the quote as part of the data and not part of the string delineator. The backslash isn't added to the data, it's silently stripped away when the data is stored in the table.
WAMP has this off by default as will PHP 5.4 according to the documentation. I'm told that PHP coders don't like relying on the magic_quotes_gpc setting, and instead prefer to handle the data themselves.
if (!get_magic_quotes_gpc()) { $title = addslashes($title); $author = addslashes($author);
}
Trouble is, you cannot use BOTH. They you get all kinds of double slashes, etc. and other crazy stuff going on. Combine that with WYSIWYG and it is a backslash tornado!
I don't know what the WYSIWYG editors or even Drupal does about this, but try turning off magic_quotes_gpc if you have access tothe PHP.ini or can override with .phprc file. "
On Mon, Apr 30, 2012 at 12:17 PM, Anthony tony@tony-mac.com wrote:
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
I would assume that is an errant bot -- if it's accessible on the web -- someone, somewhere, sometime is going to spider it.
You may be able to fix this with robots.txt.
Then again, not every spider is going honor robots.txt anyway. I'm not sure, but putting the site into maintenance mode may keep them out.
This wasn't necessarily a person. I can think of several ways a "random" node might be accessed "suddenly":
1) Search engine: your site may have gotten exposed in a variety of ways and the search bot is back to re-index. 2) Internal search: occasionally, the internal Drupal search function will re-visit a node, particularly if it was a PHP format. 3) Hackers could have picked up the IP, or even accidentally discovered it.
I wouldn't worry about the first two at all. The third thing is going to happen sooner or later, so be ready.
Nancy
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Anthony tony@tony-mac.com To: support@drupal.org Sent: Monday, April 30, 2012 12:17 PM Subject: Re: [support] Strange characters in source of block
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
What do you suggest?
3) Hackers could have picked up the IP, or even accidentally discovered it.
The third thing is going to happen sooner or later, so be ready.
*Nancy* Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
*From:* Anthony tony@tony-mac.com *To:* support@drupal.org *Sent:* Monday, April 30, 2012 12:17 PM
*Subject:* Re: [support] Strange characters in source of block
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
-- [ Drupal support list | http://lists.drupal.org/ ]
Making sure your permissions are sane is a big step. There are several articles on D.O detailing ways to hack-proof and spam-proof your site.
Nancy
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Anthony tony@tony-mac.com To: support@drupal.org; Ms. Nancy Wichmann nan_wich@bellsouth.net Sent: Monday, April 30, 2012 1:36 PM Subject: Re: [support] Strange characters in source of block
What do you suggest?
- Hackers could have picked up the IP, or even accidentally discovered it.
The third thing is going to happen sooner or later, so be ready.
Nancy
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Anthony tony@tony-mac.com To: support@drupal.org Sent: Monday, April 30, 2012 12:17 PM
Subject: Re: [support] Strange characters in source of block
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
-- [ Drupal support list | http://lists.drupal.org/ ]
--
Anthony Stefan Maciejowski
-- [ Drupal support list | http://lists.drupal.org/ ]
Thanks.
On Mon, Apr 30, 2012 at 10:51 AM, Ms. Nancy Wichmann <nan_wich@bellsouth.net
wrote:
Making sure your permissions are sane is a big step. There are several articles on D.O detailing ways to hack-proof and spam-proof your site.
*Nancy* Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
*From:* Anthony tony@tony-mac.com *To:* support@drupal.org; Ms. Nancy Wichmann nan_wich@bellsouth.net *Sent:* Monday, April 30, 2012 1:36 PM
*Subject:* Re: [support] Strange characters in source of block
What do you suggest?
- Hackers could have picked up the IP, or even accidentally discovered it.
The third thing is going to happen sooner or later, so be ready.
*Nancy* Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
*From:* Anthony tony@tony-mac.com *To:* support@drupal.org *Sent:* Monday, April 30, 2012 12:17 PM
*Subject:* Re: [support] Strange characters in source of block
Thanks Earnie.My site isn't actually live yet so it's address is a numerical url. I only publicized that here once months ago. So what was this person doing trying to access random nodes I wonder?
-- [ Drupal support list | http://lists.drupal.org/ ]
-- *Anthony Stefan Maciejowski*
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
On Sat, Apr 28, 2012 at 2:47 PM, Anthony tony@tony-mac.com wrote:
The problem seems to have something to do with settings for so called magic quotes. I have been advised and I quote:
This is a recent Hostmonster and Bluehost server issue
In php.ini change this
; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off
But these are ensured off by .htaccess. They are also removed (i.e. does not exist) in php 5.4.
But now I have another problem. As soon as I try to save a block I get a message similar to the following regardless of browser used. The wording in Chrome is:
The changes you made will be lost when you leave this page. Are you sure you want to leave this page? [with choices] Leave this page? Stay on this page?
Try clearing the cache in both the server and the browser.
Any experience with this?
A bit of jquery js script added to Drupal to ensure that you save your data before leaving the page. I've not had it miss appropriate itself. I have seen the message when I've added data and not saved it.