
AmR Users CSV Export gets slashes even when magic_quotes_gpc OFF

  • We have used php_info() to verify that the correct php.ini file is loaded and that:

    Directive | Local Value | Master Value
    magic_quotes_gpc | Off | Off
    magic_quotes_runtime | Off | Off
    magic_quotes_sybase | Off | Off

    …and we have rebuilt the report.

    However, the plugin’s Export CSV feature is still exporting slashes and quotes ( \” ) instead of just quote ( ” ).

    Anyone else having such an issue?

    Is there any way to tweak the plugin’s code so that \” gets replaced with ” ??

    http://wordpress.org/extend/plugins/amr-users/

Viewing 15 replies - 1 through 15 (of 21 total)
  • Plugin Author anmari

    @anmari

    Hi Doug – for the record the plugin does not add slashes anywhere.

    It does add quotes. See here for discussion why:
    http://webdesign.anmari.com/1542/wordpress-user-lists/#comment-3875

    for discussion on magic quotes
    http://webdesign.anmari.com/2305/csv-export-slashes-magic-quotes-on-security/

    I am not finding any additional slashes on my test site. One thing you could do to double check is:

    click on the csv export link, this should take you to another screen with a biggish “export to csv” button. At this point all the csv data is actually sitting behind that button.

    Using Firebug or simply viewing source – check what the plugin has output:

    on my systems I see comma separated data with quotes surrounding it.

    People with magic quotes on seemed to find that the slashes are added after this step.

    Also: did you restart apache?

    I googled a bit to see if there was something else and found that some folks do have a problem making sure that it is completely off:
    http://www.freepbx.org/forum/freepbx/users/magic-quotes-enabled
    http://www.webmasterworld.com/php/3616249.htm
    http://stackoverflow.com/questions/1748001/how-to-turn-off-magic-quotes-in-php-configuration-file-i-am-using-xampp

    Thanks for the kind reply! 🙂

    Re: Restarting Apache
    Our site in focus is hosted on shared hosting – BlueHost. I have used the php_info() function to verify that I do indeed have magic_quotes turned off. I have also used

    print("Magic Quotes = ". get_magic_quotes_gpc());

    Which results in:

    Magic Quotes = 0

    I am curious about the “form” method you are using.

    Where is the PHP that is creating the file in the server’s ram? My understanding was that a file — even if only a temporary, “ram only” file — should be created on the server for the download. There should be code to set that file’s header, setting the “Content-Disposition” and the “Content-Type.” I did a quick search of ameta-admin.php and could not find “Content-Disposition” in it.

    Here’s one article on creating a temporary “ram only” file for download: http://www.the-art-of-web.com/php/dataexport/

    For the record, the data query content sitting in the hidden form element does not have slashes.

    Until just recently, I was not getting any slashes in my final download file.

    Without me changing anything in my php.ini files, I started getting slashes.

    I will contact my host in case there is something they can look at.

    I explained to the host and asked them to restart Apache. They had me write up a ticket. We will wait. 🙂

    Plugin Author anmari

    @anmari

    Hi Doug, since the file could contain user data that is normally safe and private in the db, I did not want a file left on the server. Hence using the method which essentially does the same thing but only generates it on request (from cache table) and for immediate download to pc.

    Let me know how you go.

    Hi AnMari

    The method the plugin is currently using still stores the data in the server’s ram too, so there is not any reason not to store it there using the file methodology. The “form” method currently used does not offer any more security, yet it loses the needful file methodology.

    I did a test and found that when I build the ram file as a file, the slashes do not get added. It works! And this is on the same server where the form method does not. Again, php_info() shows that magic quotes is turned off for me. If my problem was that, my test would have been affected too, no?

    Here is the file methodology format I used in a successful test:

    <?php
    		header("Content-type: application/octet-stream");
    		header("Content-Disposition: attachment; filename=\"downloadablefile.csv\"");
    		echo 'Contents of line 1 of plain text downloadable file' . "\n" . 'Contents of line 2 of plain text downloadable file' . "\n";
    ?>

    When I used the above method, I copied the user list data from the “view page source” (before slashes were added). I used find and replace to convert the encoded double quotes ( the ampersand followed by quot;) to regular double quotes ( ” ). I also replaced each hard return with the new line code ( \n ), wrapped in double quotes, and concatenated with the dot. So:

    'content' . "\n" . 'content' . "\n";

    This worked. I am not sure how long it would take me to figure out how to tweak the plugin code to try to implement it, because I don’t know your code very well at all.

    Thanks for your kindness and great helpfulness. If my input can result in a better plugin that helps people in my same shoes, I will be grateful.

    I should add that I am not a guru by any stretch, so there may be reasons of which I am unaware (for doing things differently). I offer this only for consideration, and I invite any and all help from those who know more than I. 🙂
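Added example (not part of the thread and not the plugin's code): the two approaches discussed above side by side, building the CSV in memory so no export file is left on the server, and showing what a slashing round trip through a hidden form field does to the same text. WordPress core adds slashes to request data itself, independent of the PHP magic_quotes settings; here that step is only simulated with `addslashes()`, and the function names, file name and sample rows are constructed for illustration.

```php
<?php
// Added example; rows_to_csv(), send_csv_download() and the rows are constructed.

/** Build CSV text in memory (php://temp), so no export file is left on disk. */
function rows_to_csv(array $rows): string
{
    $fh = fopen('php://temp', 'r+');
    foreach ($rows as $row) {
        // CSV quoting: an embedded " is written as "" and no backslash is used.
        // The empty escape argument requires PHP 7.4 or later.
        fputcsv($fh, $row, ',', '"', '');
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

/** Send the CSV straight to the browser as a download. */
function send_csv_download(string $csv, string $filename): void
{
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="' . basename($filename) . '"');
    header('Content-Length: ' . strlen($csv));
    echo $csv;
}

// Constructed sample data with a double quote inside a field.
$rows = [
    ['user_login', 'display_name'],
    ['doug', 'Doug "The Tester" Smith'],
];
$csv = rows_to_csv($rows);

// Simulated round trip: the CSV is posted back from a hidden form field and
// the request data is slashed on the way in, so every " arrives as \".
$posted   = addslashes($csv);
$restored = stripslashes($posted); // undo the slashing before output

if (PHP_SAPI === 'cli') {
    echo "generated:\n{$csv}\nposted back:\n{$posted}\n";
    echo 'restored matches generated: ';
    var_dump($restored === $csv);
} else {
    send_csv_download($csv, 'users.csv');
}
```

Generating the CSV on the server at download time avoids the round trip entirely; if the data must come back through a form field, it has to be unslashed once before it is echoed.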

    Plugin Author anmari

    @anmari

    Hi Doug,
    actually there is pretty much the same code to output the csv
    see function amr_to_csv on line 493 of the include file.
    However I will relook at the whole csv area – folks want csv links on the front end too, so have to do it differently.

    But got a few other things on the go at the moment that I have to get done first.

    I will tinker on this end and let you know if I find a way to get the file download to work on my shared server. This could prove helpful as I think many WP users are on shared servers that may face similar issues. Thanks again for your help and your kind attention.

    PS: I still think someone at my hosting company changed some global setting on their end (or something), because for a while I was able to download CSV files using the plugin’s code, _without getting slashes_, and then suddenly… slashes started appearing.

    Hi AnMari

    You are so kind. Thanks for being so helpful.

    I am working on this, and I have a quick question. I know you’re busy. If you don’t have time to mention it I understand.

    I searched the ameta-admin.php for any mention of “ameta-includes.php” and came up empty. I see where amr-users.php calls the includes file, but I don’t see where any files call the amr-users.php file. How does the ameta-admin.php call or access the code in the includes file?

    Plugin Author anmari

    @anmari

    the amr-users.php gets called by wordpress automatically because it has the same name as the folder

    it is not terribly clear in the codex
    http://codex.wordpress.org/Writing_a_Plugin#Plugin_Name

    If you are keen to learn more – these two books by well regarded plugin authors are good:

    http://wppluginmarket.com/16109/professional-wordpress-plugin-development/

    Thanks!

    Hi AnMari

    Any progress on getting CSV links on the front end?

    We really could use this.

    Plugin Author anmari

    @anmari

    Hi

    HUGE major update coming very soon… search, bulk delete etc
    – had to stop and work on something else for a bit – but hope to get back to it this week – was pretty much all tested, few minor things to fix, and wasted? lots of time trying to have it both ways with multi site (ie network reports and primary blog reports….)

    .. stay tuned

  • The topic ‘AmR Users CSV Export gets slashes even when magic_quotes_gpc OFF’ is closed to new replies.