Posted by C. (http://symcbean.blogspot.com/) on 10/24/07 11:15

On 24 Oct, 11:57, +mrcakey <mrca...@nospam.nospam> wrote:
> I understand that register_globals was turned off by default as, unless
> you initialised it, it could be altered by a malicious coder.
>
> What I don't understand is how the $_POST['foo'] form is any more
> secure. Surely Mr Malicious Coder can still just send his own version
> of $_POST['foo']?
>
> Obviously I'm missing something, I just can't figure out what!
>
> +mrcakey

On its own, it probably isn't a big problem - its how it interacts
with the rest of the code e.g.:

<?php
require_once("array_of_admin_users.inc.php");
if (in_array($admin_users, $_SESSION['user'])) {
$admin_user=true;
}

if ($admin_user) { ...

What happens when a non-admin users connects using
http://example.com/transfer_funds.php?admin_user=1 ?

See also http://pear.reversefold.com/dokuwiki/doku.php?id=phpfaqs#why_is_register_globals_bad

C.

• Next in forum: Re: php regular expression doesn't match
• Prev in forum: register_globals on / off - I think I'm missing the point
• Thread view: Re: register_globals on / off - I think I'm missing the point

[Reply to this message]