Rasmus Lerdorf wrote:
>>>In this whirlwind hack job to turn off register_globals, we have lost a
>>>very useful feature.  Or maybe it was lost earlier and I didn't pay
>>>attention.
>>>
>>>Today you cannot set variables_order to "ES" and turn register_globals on
>>>so that only E and S vars end up in the global symbol table.  If you do
>>>this, then there is no way to get to G, P and C variables.
>>>$HTTP_GET_VARS/$_GET do not get populated anymore when there is no G in
>>>variables_order, for example.
>>>
>>This should be fixed :)
>>
> 
> This of course also affects the import_request_variables() function.  For
> example, if variables_order does not contain 'G' then this code:
> 
>   import_request_variables('GP', 'r_');
> 
> will not import GET-method data into $r_*
> 
> This should work as well.
> 
> 
>>It would be a lot easier for PHP application developers
>>if they can assume GPCS are always hashed into $_GET, $_POST,
>>$_COOKIE and $_SERVER. ($_ENV also?)
>>
>>How about making "variables_order" affect only globals?
>>
> 
> Well, you still need to resolve precedence for $_REQUEST somehow.
> 

I forgot about $_REQUEST :)

How about this one?

- Store EGPCS to $_* hash and initialize them always.
- Create "global_order" ini entry to determine $GLOBAL
   precedence.
- Create "request_order" ini entry to determine $_REQUEST
   precedence.
- Get rid of "variables_order" and "gpc_order". If the user
   uses them, warn about it (?).

This change is acceptable for 4.2.0, IMHO.
(Many lines need to be changed, but we are going
to set "register_globals=Off" as the default, right?)

-- 
Yasuo Ohgaki
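
A userland model of the proposal in the message above, as an added example that is not code from the thread or from the PHP engine: every source array is always populated, and two separate order strings, named after the proposed "request_order" and "global_order" entries, decide precedence for the merged request array and for the global symbol table. The function names, the restriction of the request order to G, P and C, and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration: a userland model of the proposal, not engine code.
// Letters follow the EGPCS convention used by variables_order.
const SOURCE_NAMES = ['E' => '_ENV', 'G' => '_GET', 'P' => '_POST',
                      'C' => '_COOKIE', 'S' => '_SERVER'];

// Merge the sources named in $order from left to right, so a later letter
// overwrites an earlier one. Letters outside $allowed are rejected.
function merge_by_order(array $sources, string $order, string $allowed): array
{
    $merged = [];
    $letters = $order === '' ? [] : str_split(strtoupper($order));
    foreach ($letters as $letter) {
        if (strpos($allowed, $letter) === false) {
            throw new InvalidArgumentException("unknown source '$letter'");
        }
        $merged = array_replace($merged, $sources[SOURCE_NAMES[$letter]]);
    }
    return $merged;
}

function model_populate(array $input, string $requestOrder, string $globalOrder): array
{
    // First item of the proposal: all five hashes always exist.
    $sources = [];
    foreach (SOURCE_NAMES as $name) {
        $sources[$name] = $input[$name] ?? [];
    }
    return [
        'sources' => $sources,
        // Assumption: the merged request array draws only on G, P and C.
        'request' => merge_by_order($sources, $requestOrder, 'GPC'),
        'globals' => merge_by_order($sources, $globalOrder, 'EGPCS'),
    ];
}

// Constructed sample request: the same key arrives via GET and via a cookie.
$input = [
    '_GET'    => ['id' => '42', 'page' => 'home'],
    '_COOKIE' => ['id' => 'from-cookie'],
    '_SERVER' => ['REQUEST_METHOD' => 'GET'],
];
$state = model_populate($input, 'GP', 'ES');

var_dump($state['sources']['_GET']);     // GET data stays reachable without 'G' in the globals order
var_dump($state['request']);             // cookie value cannot override 'id' because 'C' is not listed
var_dump(array_keys($state['globals'])); // only E and S names reach the global symbol table
```

Separating the two orders means narrowing what becomes a global never hides request data from the per-source arrays, and listing 'C' last in the request order would let a cookie override a GET or POST value of the same name.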


-- 
PHP Development Mailing List <http://www.php.net/>