From 6608f70cff82808b3c9bbc98ae3dd76d123330f0 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sat, 22 Nov 2008 13:46:11 +0000
Subject: [PATCH] - Patch #308834 by c960657: move setting of
 magic_quotes_runtime out of settings.php because (i) we don't want a user to
 change it and (ii) it gets executed a bit earlier in the Drupal bootstrap.

---
 .htaccess                          |  5 +++--
 includes/bootstrap.inc             |  7 +++++++
 sites/default/default.settings.php | 13 ++++++-------
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/.htaccess b/.htaccess
index 8a4d660f229f..fda44d32f313 100644
--- a/.htaccess
+++ b/.htaccess
@@ -24,8 +24,9 @@ ErrorDocument 404 /index.php
 # Set the default handler.
 DirectoryIndex index.php
 
-# Override PHP settings. More in sites/default/settings.php
-# but the following cannot be changed at runtime.
+# Override PHP settings that cannot be changed at runtime. See
+# sites/default/default.settings.php and drupal_initialize_variables() in
+# includes/bootstrap.inc for settings that can be changed at runtime.
 
 # PHP 5, Apache 1 and 2.
 <IfModule mod_php5.c>
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 9e4e78ea044a..009ad4da51af 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -394,8 +394,15 @@ function drupal_initialize_variables() {
   }
   // Enforce E_ALL, but allow users to set levels not part of E_ALL.
   error_reporting(E_ALL | error_reporting());
+
+  // Override PHP settings required for Drupal to work properly. The .htaccess
+  // file contains settings that cannot be changed at runtime. See
+  // sites/default/default.settings.php for more non-runtime settings.
+
   // Prevent PHP from generating HTML errors messages.
   ini_set('html_errors', 0);
+  // Don't escape quotes when reading files from disk etc.
+  ini_set('magic_quotes_runtime', '0');
 }
 
 /**
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 758f52b89912..50b762f9ce12 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -188,15 +188,14 @@
 /**
  * PHP settings:
  *
- * To see what PHP settings are possible, including whether they can
- * be set at runtime (ie., when ini_set() occurs), read the PHP
- * documentation at http://www.php.net/manual/en/ini.php#ini.list
- * and take a look at the .htaccess file to see which non-runtime
- * settings are used there. Settings defined here should not be
- * duplicated there so as to avoid conflict issues.
+ * To see what PHP settings are possible, including whether they can be set at
+ * runtime (i.e., when ini_set() occurs), read the PHP documentation:
+ * http://www.php.net/manual/en/ini.php#ini.list
+ * See drupal_initialize_variables() in includes/bootstrap.inc for required
+ * runtime settings and the .htaccess file for non-runtime settings. Settings
+ * defined there should not be duplicated here so as to avoid conflict issues.
  */
 ini_set('arg_separator.output',     '&amp;');
-ini_set('magic_quotes_runtime',     0);
 ini_set('magic_quotes_sybase',      0);
 ini_set('session.cache_expire',     200000);
 ini_set('session.cache_limiter',    'none');
-- 
GitLab