id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
578	Magic Quotes prevents ImageManager backend security check from working	mike@…	yermol	"While working on a plugin for Xinha on Wordpress, I had trouble with the backend_config for ImageManager.  I kept getting hash mismatch security errors and I finally figured out why.

Using the recommended client side code to build the hash, I was using the jsaddslashes routine:

xinha_config.ImageManager.backend_config = '<?php echo (jsaddslashes($IMConfig)); ?>';
xinha_config.ImageManager.backend_config_hash = '<?php echo sha1($IMConfig . $_SESSION['Xinha:ImageManager']); ?>';
xinha_config.ImageManager.backend_secret_key_location = 'Xinha:ImageManager';

However, even if I took the jsaddslashes routine out, debug stmts in config.inc.php showed $_REQUEST['backend_config'] with encoded slashes still.  Since the hash was computed WITHOUT slashes in the serialized array, the hashes would never match during the security checks since the slashes still existed when the hash was built in config.inc.php.

If I disabled the security check, the array could not be unserialized since the slashes were still there.  I finally realized that I have magic_quotes enabled for PHP, thus the strings are being slash encoded already. 

I solved this problem by adding this line under session_start in ImageManager/config.inc.php (Line 209 in the version of Xinha I'm using)

if (get_magic_quotes_gpc()) $_REQUEST['backend_config'] = stripslashes($_REQUEST['backend_config']);

Once I did this, all the security checks and syntax checks/unserialization worked fine.

This was on PHP 4.3.8"	defect	closed	normal		Plugin_ImageManager	trunk	normal	fixed		
