Date: 07/24/01
- Next message: Carlos Romero Mas: "RE: [phplib] [RFC] Future of phplib"
- Previous message: Kristian Koehntopp: "Re: [phplib] stricting methods (was: [RFC] Future of phplib)"
- In reply to: Chris Johnson: "RE: [phplib] stricting methods (was: [RFC] Future of phplib)"
- Next in thread: Richard Archer: "Re: [phplib] stricting methods (was: [RFC] Future of phplib)"
- Reply: Richard Archer: "Re: [phplib] stricting methods (was: [RFC] Future of phplib)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That's the reason I proposed that 'edulcorated' strict, that could do
something like, to maintain compatibility with all on the $PHP_SELF
value, and still be able to run the actual PHPLIB with register_globals
off:
# ini_get() takes only the directive name; "" or "0" means Off
if (!ini_get("register_globals"))   ## or how the hell you write this
    $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"];
Giancarlo
Chris Johnson wrote:
>
> > -----Original Message-----
> > From: ping <email protected> [mailto:ping <email protected>]On Behalf Of
> > giancarlo pinerolo
>
> > Kristian Koehntopp wrote:
> >
> > > All code is PHP4 only, and requires register_globals set to Off,
> > > as should be standard in all installations anyway (unless you
> > > want to lose your installation to some script kiddie fast).
> >
> > register_globals off will break $PHP_SELF everywhere at the moment...
>
> Yes, it will break a lot of things. I use $DOCUMENT_ROOT all over the
> place to do includes and require pathnames.
>
> But when I started using PHP and then PHPLIB, I didn't understand the
> full implication of having register_globals = On. It was the default,
> and everything worked out of the box with it set that way. I knew I
> could use things like $HTTP_SERVER_VARS["DOCUMENT_ROOT"] and
> $HTTP_POST_VARS["myformvar1"], but that's a lot of typing, so I did not.
>
> Now that I realize the security problem, I just turned off
> register_globals. That means I have just bought myself a lot of work.
> I have to go back and fix all of my pages for globals like
> DOCUMENT_ROOT and PHP_SELF, and my numerous forms with POST and GET
> variables.
>
> But that's life. I don't want my sites hacked.
>
> PHP should *NOT* ship with register_globals set to Off. In fact, it
> probably shouldn't even be an option, as the security problems are just
> too great and too easy to have.
>
> --
> Unsubscribe by mail to: phplib-unsubscribe <email protected>
> Command list by mail to: phplib-help <email protected>
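An added example, not part of the original message or of PHPLIB: the compatibility shim proposed above, generalised to an allowlist of server variables (PHP_SELF and DOCUMENT_ROOT, the two named in the thread), with form fields read explicitly instead of through auto-registered globals. The function names are hypothetical, and the sample arrays are constructed stand-ins for $HTTP_SERVER_VARS and $HTTP_POST_VARS.

```php
<?php
// Added example: hypothetical helpers, not PHPLIB code.

// True when register_globals is effectively on. ini_get() returns a string
// ("1", "On", "", "0", "off", ...) or false if the directive does not exist.
function register_globals_enabled($raw)
{
    $v = strtolower(trim((string) $raw));
    return in_array($v, array("1", "on", "yes", "true"));
}

// Copy only the named server variables into $scope, reading from the server
// array alone, so request data can never supply them.
function import_server_vars($server, $names, &$scope)
{
    $imported = array();
    foreach ($names as $name) {
        if (isset($server[$name]) && is_string($server[$name])) {
            $scope[$name] = $server[$name];
            $imported[] = $name;
        }
    }
    return $imported;
}

// Read one form field explicitly, with a default, instead of relying on an
// auto-registered global of the same name.
function form_var($post, $name, $default = "")
{
    return (isset($post[$name]) && is_string($post[$name])) ? $post[$name] : $default;
}

// Constructed sample data standing in for $HTTP_SERVER_VARS / $HTTP_POST_VARS.
$server = array("PHP_SELF" => "/shop/cart.php3", "DOCUMENT_ROOT" => "/var/www/htdocs");
$post   = array("myformvar1" => "42", "DOCUMENT_ROOT" => "/tmp");

$scope = array();
if (!register_globals_enabled(ini_get("register_globals"))) {
    import_server_vars($server, array("PHP_SELF", "DOCUMENT_ROOT"), $scope);
}

echo $scope["PHP_SELF"], "\n";             // taken from the server array
echo $scope["DOCUMENT_ROOT"], "\n";        // the POSTed DOCUMENT_ROOT is ignored
echo form_var($post, "myformvar1"), "\n";  // explicit read of a form field
echo form_var($post, "missing", "n/a"), "\n";
```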