For the html character output I just did those two lines in engine.php BOLTdomarkup, and all the changes in markups.php.
Re: register_globals: register_globals can be set in the PHP ini file. Since PHP 4.2.0 the default is OFF, before that default was ON. If register_globals is ON all variables supplied by requests like url requests, form submissions or cookies are automatically registered as global variables, regardless if the script is initialising them. That opens doors for misuse if the script fails to initialise variables. So with register_globals ON if for instance a url contains a string like &name=bob, then a var $name is automatically set with value 'bob'. It is global throughout the script, but in functions all globals except 'Superglobals' like $_POST, $_GET, etc need to be registered before use. So this injected variable $name would not be available in a function unless the function contains a 'global $name;' statement. register_globals ON allowed lazy programming, since variables were just available, instead of having to set them like $name = (isset($_GET['name'])) ? $_GET['name'] : 'defaultname' ; Note that in the example $name is set regardless of it being supplied by the url. So to safegueard against misuse of register_globals ON all variables should be initialised, and not just set in special condition. Basically give each var a default value, before using it, or setting it in a conditional. Initialising vars in functions may not be as critical, but it is good programming practise. Se also http://en.wikibooks.org/wiki/PHP_Programming/Register_Globals ~Hans --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
