From 94c035ff717c4c836bb76109b013ffaa78f64ef1 Mon Sep 17 00:00:00 2001 From: Willi Eggeling Date: Sat, 26 Aug 2017 11:27:18 +0200 Subject: removed doc and code references to magic quotes - removed all references to magic quotes - magic quotes are not supported on PHP >= 5.4 (https://secure.php.net/manual/en/security.magicquotes.php) - Shaarli does not support PHP < 5.5 --- doc/md/Security.md | 3 --- 1 file changed, 3 deletions(-) (limited to 'doc') diff --git a/doc/md/Security.md b/doc/md/Security.md index 36f629af..65db4225 100644 --- a/doc/md/Security.md +++ b/doc/md/Security.md @@ -1,9 +1,6 @@ ## Client browser - Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work -## PHP -- `magic_quotes` is an horrible option of PHP which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with `magic_quotes` on, so you should not be bothered even on crappy hosts. - ## Server and sessions - Directories are protected using `.htaccess` files - Forms are protected against XSRF (Cross-site requests forgery): -- cgit v1.2.3