|
Posted by no on 08/29/06 18:00
On 29 Aug 2006 10:30:47 -0700, "WhatsPHP" <futureofai@gmail.com>
wrote:
>Thanks for all your input on security guys i will certainly keep it in
>mind, but this is an inhouse intranet application and the users who use
>the system barely know how to use it, let alone hack it.. That is the
>reason we had register_globals on. This system maybe internal and on
>the intranet but it has around 20 people using it full time (so it is
>not small)..
>
>We have register_globals on.. What is still bugging me is the totally
>random occurence of this error.. has anyone experienced IE behaving
>weird by not posting all the form variables, both hidden and non-hidden
>as it should?
One thing I would do is to take each script in turn and change them
over to using the more correct syntax for addressing globals - like
$_POST['email'] etc - it will work fine while you have
register_globals on and when you are happy that all the necessary
scripts have been upgraded you could just switch register_globals off.
Like one of the other posters, I think the problem won't be in IE it
will be with your script corrupting the contents of those globals. So,
by changing your script to explicitly refer to them as $_POST you will
reduce the potential for confusion with local variables and hopefully
see where the problem is creeping into your script. :o)
Chris R.
Navigation:
[Reply to this message]
|