I currently maintain about 100 sites that use PHP. Many of them were
programmed pre 4.2, and are not compatible with the register_globals=off
setting. Since we use virtual hosts in apache I have been able to modify
that one ini setting for the sites that need it, but now my job is to modify
all of these scripts to be compatible with the register_globals=off setting
so they will be more secured. I'm wondering if anyone out there has written
a script that can look at the PHP scripts and see if they are compatible or
not. I'm sure this would be no easy task, but it would be most useful at
the same time. I've done a find for all of the PHP scripts on our server
and am confronted with over 8,000 scripts that need to be looked at, and
that's just files with the .php extension.... we've got plenty of .inc's and
other various extensions (including a few sites that parse .html as PHP)
that would need to be checked as well.
Anybody got any ideas?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php