How do I enable magic_quotes or use .htaccess?

I recently installed joomla and it is telling me that I need to turn on magic_quotes.

How do I do this?

Also, I saw on the Joomla forum that someone else from dream host had a similar problem whereafter a poster responded with this.

"(1) ask your host to enable this variable, (2)make use of a top-level .htaccess file or (3)you might have to add a php.ini to ALL directories within the Joomla! instance "

soooo.(1) I don’t think dreamhost will enable this variable for me (or will they?)

(2)I know how to ask for help, but I don’t think I know how to “make use of a top-level .htaccess file.”

And (3)I’m not really sure what adding a php.ini to all directories means exactly.

Could someone help me with this?

Well, it’s actually telling you that the Joomla! development team feels strongly that you should have “magic_quotes” turned on. This is understandable as poorly coded components can create an opportunity for exploits; Joomla! (I think justifiably) warns you of this, and recommends that you set various PHP settings a certain way. The Joomla! core is pretty robust, and actually Joomla! works fine with the DH PHP 5 settings, but it can be “irritating” and/or worrisome to have to stare at that warning when in the Joomla! back end.

The info on the Joomla! forum is good, to a point, but it generally does not take into account the nature of PHP on Dreamhost, including the nuances of running PHP-CGI under suExec - which makes the handling of php.ini and .htaccess files a little different for manipulating PHP settings.

First, DH will not make the setting change for you. They have set up their generally available PHP to what they believe is optimal for the security and usability of all on the shared server. They do allow you to make changes yourself for your use, and I’ll talk more about that later in the post.

Second, the .htaccess method of manipulating PHP variables won’t work under PHP-CGI, so that’s out.

Third, adding a php.ini to all directories is not only a kludgy way to do it, but won’t work on DH for the reasons already mentioned having to do with PHP as CGI.

All that said, there are a couple of possible approaches you could take to this. You could just ignore the “warning” - Joomla! will work properly, and so will a properly coded add-on component and /or extension. The problem is that the quality of third-party component code varies greatly, so you may elect to implement the magic_quote settings as recommended, particularly if you do not feel qualified to identify any potential risks in others’ code.

You could also modify your PHP environment on DH to change the setting to that which is recommended. This is not something that you probably want to attempt if you do not know your way around ssh, the *nix shell, and a command line. It isn’t really hard at all, but you do have to be conversant with ssh and the command line to accomplish it.

To change the DH PHP environment as recommended by Joomla!, you can take any of three different approaches, and I’ll list them here from the “easiest” to the “most complicated” - either will fix the Joomla! “warning”, but each method has its own advantages and disadvantages.

1. The easiest way to do this is to follow the instructions in the wiki article on a custom php.ini file, which allows you to use the current copy of PHP DH has installed by default with a modified php.ini file, where you can change the magic_quote setting, and others, as desired. This is by far the “easiest” way to do this, which is its biggest advantage, and it prevents the PHP environment from “changing” on you if DH “upgrades” PHP; its disadvantage is that it prevents your PHP environment from staying current with DH changes in PHP deployment (though there may be times you might consider this to be desirable).

2. The second way to do this is a variation of the first method, where you do much the same thing with some additional steps involving shell scripts that “automate” the process to a degree, and keep your version of PHP current with DH’s, and is detailed in Dh Wiki article on PHP.ini. Most users find this to be considerably more difficult, as you can see by searching the forums, though those comfortable in the shell should still find it almost trivial.

3. Finally, DH allows you to compile and use your own version of PHP, where you can set things up almost any way you want, and is the method DH support will recommend if pushed, though they will not support it. Many users seem to have difficulty with this process, as is evidenced by the many related threads on these forums.

All of these methods put you “on your own”, as they are not standard, and DH tech support will not help you sort it if you screw the pooch, and break your your website, while doing any of this. Therefore, it is best to “take it slow and get it right” if you decide to modify your PHP environment in this manner.

Hopefully, this, and other threads about this in the forum (there are several, just use the search), will be helpful to you in deciding how to approach the issue. Good luck, and Rock On!

–rlparker

Thank you for the excelent reply. Was helpful and informative. I think I’ll start by not worrying about it and being really judicious about my add-ons.

That said, I did do a number of searches before posting that didn’t turn up much. The problem with being new at something is that the wikis and searches don’t really turn up something unless you know that you don’t know it.

I guess that’s why there’s the beginner forum.

Would you mind if I added this to the wiki as a FAQ for Joomla!?

You are most welcome, and I am glad you found the reply useful.

I agree that it is very hard to search successfully at times when dealing with new stuff, as the operative terms often escape us; it’s a little like trying to look up a word in a dictionary when you have no idea how it is even approximately spelled.

Of course, I have no objection to anything anyone wants to add to the wiki. This issue probably should be addressed there, as it is confusing to many; I’ve just procrastinated about doing it, and was actually hoping DH might address the issue with the “one-click” installer, or Joomla! 1.5 might make it a moot point . If you think this is “wiki-worthy” then feel free to do as you wish, though it will need considerable re-working to be in proper “wiki style” and to avoid conversational tone .

–rlparker