Re: [phplib] stricting methods (was: [RFC] Future of phplib)
From: giancarlo pinerolo (giancarlo <email protected>)
Date: 07/24/01

Well, this can be a *horrible* hack, but this way you only make
available those existing in the HTTP_GET/POST_VARS array, provided you
can place this on top everywhere, and keep your scripts as they are,
with register_globals set to off.

Things to think of:
Then add also for the HTTP_SESSION_VARS and HTTP_COOKIE_VARS? Yes, if
is_array.
Would this work with array input variables (e.g. <input name="cod[]">)?
Should.

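$thearrayname=""; ### much needed !
# Pick the request array that matches the HTTP method.
if ($HTTP_SERVER_VARS["REQUEST_METHOD"]=="GET")
    {
    $thearrayname="HTTP_GET_VARS";
    }
elseif ($HTTP_SERVER_VARS["REQUEST_METHOD"]=="POST")
    {
    $thearrayname="HTTP_POST_VARS";
    }
# $$thearrayname is the array whose name is stored in $thearrayname.
if (is_array($$thearrayname))
    {
    # Copy each request variable into a global of the same name;
    # an existing variable with that name is overwritten.
    while ( list($varname,$varvalue) = each($$thearrayname) )
        {
        $$varname=$varvalue;
        }
    }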

Hey, this is a quick hack I am writing just now, it's only the idea,
have not checked it, please scrutinize carefully for efficiency,
reusability, security..

Then, after this, everyone will kill me..... ;-)

Giancarlo

Richard Archer wrote:
>
> At 7:37 AM +0200 24/7/01, giancarlo pinerolo wrote:
>
> >That's the reason I proposed that 'edulcorated' strict, that could do
> >something like, to maintain compatibility with all on the $PHP_SELF
> >value, and still be able to run the actual PHPLIB with register_globals
> >off
> >
> >if (!ini_get("register_globals")) ## or how the hell you write this
> > $PHP_SELF=$HTTP_SERVER_VARS["PHP_SELF"];
>
> [rha <email protected> /tmp]$ locate .php |grep /home |wc
> 833 835 37184
>
> And that's just on my main server.
>
> Much as I would like to turn register_globals off, I *really* don't
> fancy working my way through nearly 1000 scripts fixing all the problems
> that would create.
>
> When I was young and naive, I thought having form variables passed in
> as globals was just about the neatest thing I could imagine.
>
> Now I'm older and wiser, and it's too late.
>
> The only fix I can envisage to this is to set up two web servers on the
> server, one with register_globals off and another with it on. And gradually
> migrate sites from one to the other.
>
> Any other ideas?
>
> ...Richard.
>
> --
> Unsubscribe by mail to: phplib-unsubscribe <email protected>
> Command list by mail to: phplib-help <email protected>

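The loop in the message above copies every request key into the global scope, so a key such as auth_ok, or thearrayname itself, replaces whatever the script had already set. As an added example (not code from this thread or from PHPLIB), here is a variant that imports only the names a script declares and never overwrites an existing global. The function name, the allowlist and the sample request are assumptions, and it is written for current PHP with a constructed array standing in for $HTTP_GET_VARS.

```php
<?php
// Added example: allowlisted import of request variables into globals.
// import_request_vars(), the allowlist and $request are hypothetical.

function import_request_vars(array $source, array $allowed): array
{
    $report = ['imported' => [], 'rejected' => []];
    foreach ($source as $name => $value) {
        // Accept only names the script declared, and only plain identifiers.
        if (!in_array($name, $allowed, true)
            || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            $report['rejected'][] = $name;
            continue;
        }
        // Never replace a global the application has already set.
        if (array_key_exists($name, $GLOBALS)) {
            $report['rejected'][] = $name;
            continue;
        }
        $GLOBALS[$name] = $value;   // <input name="cod[]"> arrives as an array
        $report['imported'][] = $name;
    }
    return $report;
}

$auth_ok = false;   // application state that a request must not change

// Constructed request, standing in for $HTTP_GET_VARS / $HTTP_POST_VARS.
$request = [
    'page'         => '3',
    'cod'          => ['a1', 'b2'],
    'auth_ok'      => '1',                 // collides with existing global
    'thearrayname' => 'HTTP_SERVER_VARS',  // not on the allowlist
];

$report = import_request_vars($request, ['page', 'cod', 'auth_ok']);

echo 'imported: ', implode(', ', $report['imported']), "\n";
echo 'rejected: ', implode(', ', $report['rejected']), "\n";
var_dump($auth_ok);
```

Logging the rejected names per script gives a list of the variables each legacy page still expects as globals, which is the inventory needed before register_globals can be switched off for it.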