I'm not aware of anything like that, apart from PHP itself :)

Turn your error reporting to the strictest setting, and go through your
applications, and it should complain whenever is has to echo/use a undefined

Although that sounds a little daunting with 8000 pages... are you using lots
of include files (for all files which are in a certain section)?  if so, it
quite possible that you only have to modify the header include to keep
things up to date on many pages.

If you do find such a script, I'd be keen to hear about it.   Essentially,
you need to munch through each of your scripts WITH the include/require's
inline, looking for an undefined variable.

Then for each of those undefined variables, figure out if the were supposed
to be from GET, POST, FILES, COOKIE or SESSION, and put a few lines at the
top of the file:

$myvar = $_GET['myvar'];
$myvar2 = $_POST['myvar2'];

It's also probably a lesson in documentation... when I first started in PHP
I was paranoid about everything, and spent AGES on documentation and
comments at the top of files. But I was really thankfull I did, because it
saved me HOURS later on, because I had everything documented... which vars
came from post/get/cookies/sessions/etc.

Good luck,


on 25/09/02 4:00 AM, Thomas Porter ([EMAIL PROTECTED]) wrote:

> I currently maintain about 100 sites that use PHP.  Many of them were
> programmed pre 4.2, and are not compatible with the register_globals=off
> setting.  Since we use virtual hosts in apache I have been able to modify
> that one ini setting for the sites that need it, but now my job is to modify
> all of these scripts to be compatible with the register_globals=off setting
> so they will be more secured.  I'm wondering if anyone out there has written
> a script that can look at the PHP scripts and see if they are compatible or
> not.  I'm sure this would be no easy task, but it would be most useful at
> the same time.  I've done a find for all of the PHP scripts on our server
> and am confronted with over 8,000 scripts that need to be looked at, and
> that's just files with the .php extension.... we've got plenty of .inc's and
> other various extensions (including a few sites that parse .html as PHP)
> that would need to be checked as well.
> Anybody got any ideas?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to