Posted by J.O. Aho on 01/25/06 20:45

Roddytoo wrote:
> Hi
> Received this, I only just mananged to build the website, don't have a clue
> on how to handle this, any advice gratefully received. Website already not
> working, could it be this set up prematurely?
> (message)
> This is to let you know that as from 1 Feb 2006 the setting
> "register_globals" in php will be disabled.
>
> This setting has been disabled by default for sometime as it poses security
> issues in certain php scripts.
>
> Unfortunately if you site needs the "register_globals" enabled you will need
> to recode the script.
>
> If you are using third party scripts, you are advised to get the most recent
> release, as most well known php scripts have already been recoded to work
> with the new php default settings.
> ?
>
> We apologise for the inconvenience this may cause you.
>
> Waaaah! Help!
> Chris

It's quite simple, the way PHP worked before and now is a bit different when
it comes to sending data to the php script.

before you could call a script like this
http://www.example.net/myscript.php?variable=something

and in your code you could access it at once
<?PHP
echo $variable ."\n";
?>

Today it's not automatically set, you need to fetch the value from a
"register" and you do it this way
<?PHP
$variable=$_REQUEST['variable'];
echo $variable ."\n";
?>

This for otherwise a person could overwrite variables you define in your
script which can lead to really bad things in worst case.


You can add the following to your PHP pages and they will work again, but I do
suggest you rewrite them properly.

if(!get_cfg_var("register_globals")) {

if (!empty($_GET)) {
extract($_GET);
} else if (!empty($HTTP_GET_VARS)) {
extract($HTTP_GET_VARS);
}

if (!empty($_POST)) {
extract($_POST);
} else if (!empty($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS);
}

if (!empty($_COOKIE)) {
extract($_COOKIE);
} else if (!empty($HTTP_COOKIE_VARS)) {
extract($HTTP_COOKIE_VARS);
}
}




--

//Aho

[Back to original message]