Internet Explorer 7 BETA 2

I decided to give IE7 a try today and see what the new version offered after the disastrous BETA that graced my computer system last year.

Looking at the Microsoft website – I could see that they were gearing up for the big marketing push. It was time to get people excited about a new version of IE7 (which I’m feeling quite unexcited about, but I’ll come to that).

The Internet Explorer 7 homepage is a visual treat – something you would typically expect from Microsoft when the product is being pitched at consumers. Classic productivity buzzwords are banded around like they’re going out of fashion: “Do more by doing less” / “Cut through the clutter”. Oh, and there was a nice shade of blue.

After downloading an 11MB installer, everything seemed to go okay. A reboot later (I bet you didn’t see that one coming) and IE7 was on my screen. Apparently, it has some anti-phishing system in place. That’s a good idea, I though to myself as I turned it on and clicked next. Hmm, seem to have trouble getting off this page, I mused as I hit the IE7 homepage.

Something was wrong, and it’s not the fact that I couldn’t find half the menus – or that right-clicking on the toolbar still brings up the system menu instead of something context-appropriate. Steve told me that he’d filed a bug report sometime ago about this being weird. Obviously when MS stapled “we heard you” over their IE7 website, they weren’t directing that at my colleague.

And then the grief happened. I could not move the IE7 window. At all. The toolbars stopped responding after a few clicks, and although the browser window and address bar remained functional, I was getting beautiful dropped-window corruption – the standard desktop art created by windows that are not responding.

I tried to restart IE7 a few times with task manager. Thankfully, resetting IE7 doesn’t kill Explorer as well, so all my system tray icons remained in place. However, the problem persisted.

I reminisced over installing the IE4 BETA on my Windows 95 PC many years ago. And how it created so much new functionality for Windows. It really made a difference, and the BETA was quite stable. I don’t think that I uninstalled it I was so impressed. Of course, security wasn’t such an issue then – I don’t think that I was even connected to the Internet at the time. Scrub that – I definitely wasn’t.

But I don’t feel let down. The good news is that the uninstaller seems to work very well, and I’m happily back in the land of Firefox and IE6 browsing. I suppose that after being accustomed to browsing with Firefox for so long I had low expectations of IE7. I was hoping that it would last a couple of weeks, rather than a couple of minutes but you can’t have everything.

I’m amazed that I found it even more unusable than the last BETA. So, let’s wait for the next BETA, eh? We’ll see what else doesn’t work then.

magic_quotes and other evils

Well, it seems that as the development of the learning platform trundles to it’s conclusion, I’m forced to look back at what has been done so far and say, “Bugger”.

Half way through the development I switched my development server from Linux to Windows, and unknown to me started using a server that had magic_quotes_gpc = on in the php.ini file.

What does that mean?

I wouldn’t have worried about it too much, really if it hadn’t been for the minutes from the PHP6 developer’s meeting which basically say that magic_quotes_gpc is out. It’s caused too much grief for developers and migration issues. I can see the point. It was very handy for preventing SQL injection easily, but then that’s no replacement for secure code.

So because I’ve gone through the code fixing errors where there weren’t actually any to begin with (due to manually working against escaping characters), now I must go through the code again to ensure that the code is working properly without magic quotes!

Also, I have had to implement two new functions from the PHP manual to ensure that magic_quotes will not upset the code in the future.

Here’s the code:

<code>
< ? php
function stripslashes_deep($value)
{
   return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
}

if (get_magic_quotes_gpc())
{
   $_GET    = array_map('stripslashes_deep', $_GET);
   $_POST  = array_map('stripslashes_deep', $_POST);
   $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
?>
</code>

By trying to run stripslashes on the array itself (if there is one), you destroy any keys and arrays that are passed through. If you rely on this, then you will wreck your code.

So, just run the script at the start of each page, and you should be okay.