> With register_globals OFF in your php.ini file, all of the user input is
> present in the _GET, _POST, _REQUEST, or _COOKIE array. With
> register_globals ON, then the variables are registered as regular variables.
> If you have a URL like page.php?id=1, then with them OFF, you have to use
> $_
ow where your variables are coming from.
---John Holmes...
- Original Message -
From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 4:07 PM
Subject: Re: [PHP]
At 04:00 PM 5/25/2002 -0400, 1LT John W. Holmes wrote:
Actually - i don't understand what the docs at PHP are talking about. care
to enlighten me?
~kurth
>Do you know what the security problems are? Do you realise that having
>register_globals on or off isn't the security problem, it's how yo
Do you know what the security problems are? Do you realise that having
register_globals on or off isn't the security problem, it's how you write
your code? If you're not going to change any of your code, just turn on
register_globals. Changing your code to _POST or _GET and doing nothing else
isn'
For now you can add this to the top of your scripts:
$types_to_register = array('GET','POST','COOKIE','SESSION','SERVER');
foreach ($types_to_register as $type) {
$arr = @${'HTTP_' . $type . '_VARS'};
if (@count($arr) > 0) {
extract($arr, EXTR_OVERWRITE);
}
}
Somebody else
5 matches
Mail list logo
