Adding stripslashes to the $_REQUEST, $_GET, $_POST and $_COOKIE when magic_quotes_gpc is on see #2970

main/inc/global.inc.php

@@ -190,6 +190,15 @@ if (api_is_utf8($charset)) {
 // Start session after the internationalization library has been initialized.
 api_session_start($already_installed);
 
+// Remove quotes added by PHP  - get_magic_quotes_gpc() is deprecated in PHP 5 see #2970
+ 
+if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {	
+	array_walk_recursive_limited($_GET, 	'stripslashes', true);	
+	array_walk_recursive_limited($_POST, 	'stripslashes', true);
+	array_walk_recursive_limited($_COOKIE,  'stripslashes', true);
+	array_walk_recursive_limited($_REQUEST, 'stripslashes', true);
+}
+
 // access_url == 1 is the default chamilo location
 if ($_configuration['access_url'] != 1) {
     $url_info = api_get_access_url($_configuration['access_url']);

main/inc/lib/array.lib.php

@@ -64,4 +64,26 @@ function msort($array, $id='id', $order = 'desc') {
         $array = array_merge(array_slice($array, 0, $lowest_id), array_slice($array, $lowest_id+1));
     }
     return $temp_array;
+}
+
+function array_walk_recursive_limited(&$array, $function, $apply_to_keys_also = false) {
+	static $recursive_counter = 0;
+	if (++$recursive_counter > 1000) {
+		die('possible deep recursion attack');
+	}
+	foreach ($array as $key => $value) {
+		if (is_array($value)) {
+			array_walk_recursive_limited($array[$key], $function, $apply_to_keys_also);
+		} else {
+			$array[$key] = $function($value);
+		}
+		if ($apply_to_keys_also && is_string($key)) {
+			$new_key = $function($key);
+			if ($new_key != $key) {
+				$array[$new_key] = $array[$key];
+				unset($array[$key]);
+			}
+		}
+	}	
+	$recursive_counter--;
 }