Re: [PHP] Register Globals

Mon, 21 Jul 2003 17:42:00 -0700

What is your aim?

a) to have the site *work* on a server with rg off, or;

b) to re-engineer your site to be safer and more secure, taking advantage of the REASONS rg was turned off by default?


If it's a, then look at my example on weberdev, or just switch them back on with something like a .htaccess file.

http://www.weberdev.com/get_example.php3?count=3639


If it's b, then I hope your code is well organised and documented, because it's a lot of work... I've done it on a few of my sites, but they were all < 200 scripts.


1. you need to recognise which GET variables are being used in which scripts, then perform a search & replace. Eg replace all instances of $page with $_GET['page'], then test test test to see if everything still works.

2. do the same for POST variables (little easier, because you can view the contents of your forms to get a list -- if you haven't got it all documented somewhere).

3. review your session code (hopefully it's one include file, not 100's of files), replacing your old style code:

<?
$foo = 'bah';
session_register('foo');
// etc
?>

with

<?
$_SESSION['foo'] = 'bah';
// etc
?>

Then find all occurrences of $foo and replace it with $_SESSION['foo'], etc etc.

Test test test.


4. Review your cookies implementation (if any), and replace all your $cookieVars with $_COOKIE['cookieVars'].

Test test test.



That's the four biggest areas to worry about. I ended up re-writing my session code from scratch, and wasn't using cookies (other than session ones), so it was a relatively pain-free job, especially with a good search/replace text editor doing most o the work for me.

I can also recommend doing a back-up of the entire site first, and turning off register globals before you start. So that you're testing the 'broken' code from day 1.


Good luck!


Justin




On Monday, July 21, 2003, at 10:17 PM, Daryl Meese wrote:

I would like to rewrite my scripts to work when register globals is off.
The problem is that my scripts encompass several thousand files. Does
anyone have any suggestions for an effective tool to help in this process?

Daryl Meese


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

---
[This E-mail scanned for viruses]




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to