[PHP-DOC] cvs: phpdoc /en/language variables.xml

Sat, 12 Jan 2002 15:18:08 -0800 

philip          Sat Jan 12 18:20:53 2002 EDT

  Modified files:              
    /phpdoc/en/language variables.xml 
  Log:
  Superglobals: Documented $_ GET/POST/COOKIE/REQUEST/SERVER/ENV/SESSION 
                TODO: Maybe list them seperatly during restructure, seems 
                    like everything is documented twice now (sorry) :)
  Documented $HTTP_SESSION_VARS
  Added a link to security chapter on register_globals
  
  
Index: phpdoc/en/language/variables.xml
diff -u phpdoc/en/language/variables.xml:1.26 phpdoc/en/language/variables.xml:1.27
--- phpdoc/en/language/variables.xml:1.26       Wed Dec 12 15:47:40 2001
+++ phpdoc/en/language/variables.xml    Sat Jan 12 18:20:53 2002
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.26 $ -->
+<!-- $Revision: 1.27 $ -->
  <chapter id="language.variables">
   <title>Variables</title>
   
@@ -454,19 +454,22 @@
      </para>
     </note>
 
+    <note>
+     <para>
+      The new "Superglobals" were added in PHP version 4.1.0. 
+      See the <ulink url="&url.php.release4.1.0;">4.1.0 Release 
+      Announcement</ulink> for more details.
+     </para>
+    </note>
+
     <para>
      If the <link
      linkend="ini.register-globals">register_globals</link> directive
      is set, then these variables will also be made available in the
      global scope of the script; i.e., separate from the
-     <varname>$HTTP_*_VARS</varname> arrays. This feature should be
-     used with care, and turned off if possible; while the
-     <varname>$HTTP_*_VARS</varname> variables are safe, the bare
-     global equivalents can be overwritten by user input, with
-     possibly malicious intent. If you cannot turn off <link
-     linkend="ini.register-globals">register_globals</link>, you must
-     take whatever steps are necessary to ensure that the data you are
-     using is safe.
+     <varname>$HTTP_*_VARS</varname> and <varname>$_*</varname> 
+     arrays.  For related information, see the security chapter titled 
+     <link linkend="security.registerglobals">Using Register Globals</link>.
     </para>
     
     <para>
@@ -513,6 +516,16 @@
         </simpara>
        </listitem>
       </varlistentry>
+
+      <varlistentry>
+       <term>$_COOKIE</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via HTTP cookies.  Automatically global in any scope. 
+        </simpara>
+       </listitem>
+      </varlistentry>
       
       <varlistentry>
        <term>$HTTP_GET_VARS</term>
@@ -523,6 +536,17 @@
         </simpara>
        </listitem>
       </varlistentry>
+
+      <varlistentry>
+       <term>$_GET</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the HTTP GET method.  Automatically global in 
+         any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
       
       <varlistentry>
        <term>$HTTP_POST_VARS</term>
@@ -533,6 +557,17 @@
         </simpara>
        </listitem>
       </varlistentry>
+
+      <varlistentry>
+       <term>$_POST</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the HTTP POST method.  Automatically global in 
+         any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
     
       <varlistentry>
        <term>$HTTP_POST_FILES</term>
@@ -562,6 +597,17 @@
       </varlistentry>
 
     <varlistentry>
+       <term>$_ENV</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script via the parent environment.  Automagically global 
+         in any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+    <varlistentry>
        <term>$HTTP_SERVER_VARS</term>
        <listitem>
         <simpara>
@@ -571,6 +617,52 @@
         </simpara>
        </listitem>
       </varlistentry>
+
+    <varlistentry>
+       <term>$_SERVER</term>
+       <listitem>
+        <simpara>
+         An associative array of variables passed to the current
+         script from the HTTP server. These variables are analogous to
+         the Apache variables described above.  Automatically global 
+         in any scope.
+        </simpara>
+       </listitem>
+       </varlistentry>
+
+    <varlistentry>
+       <term>$HTTP_SESSION_VARS</term>
+       <listitem>
+        <simpara>
+         An associative array of session variables passed to the current
+         script.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+    <varlistentry>
+       <term>$_SESSION</term>
+       <listitem>
+        <simpara>
+         An associative array of session variables passed to the current
+         script.  Automatically global in any scope.  Creating new entries 
+         in the $_SESSION array will automatically register them as session 
+         variables, as if you called <function>session_register</function>.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+    <varlistentry>
+       <term>$_REQUEST</term>
+       <listitem>
+        <simpara>
+         An associative array merged from the GET, POST, and Cookie variables.        
+  In other words - all the information that is coming from the user, 
+         and that from a security point of view, cannot be trusted.
+         Automatically global in any scope.
+        </simpara>
+       </listitem>
+      </varlistentry>
+
      </variablelist>
     </para>

Reply via email to