Sounds really good to me! Now if they would code this into PHP, it would
be perfect. This would solve several security issues.

Matthew Walker
Senior Software Engineer
ePliant Marketing
 

-----Original Message-----
From: Amit Arora [mailto:[EMAIL PROTECTED] (nospam)] 
Sent: Wednesday, April 17, 2002 11:13 AM
To: [EMAIL PROTECTED]
Subject: [PHP] SafeExtract() ... extract securily

Hi,

For security reasons ... Global Variables are to be turned off ...
But global variables were a hassle-free way to get the variables
into the global scope.

Here is an alternative to it that does it securely ...

A simple example would be ...

Just use the following function on top of the code ...

SafeExtract( array(
    'any' => array( 'name', 'userid' ),
    'post' => array( 'password', 'credit_card_number' ),
    'get' => array( 'url', 'key' ),
    'cookie' => array( 'last_visit', 'last_activity' )
) );

The above code means ...

Variables 'name' and 'userid' would be made global if present in GET,
POST, COOKIE variables.

Variables 'password' and 'credit_card_number' would be made global if
present ONLY in POST vars, else would be unset.

Variables 'url' and 'key' would be made global if present ONLY in GET
vars, else would be unset.

Variables 'last_visit' and 'last_activity' would be made global if
present ONLY in COOKIE vars, else would be unset.

That is, if you try to pass 'password' from GET variables, it would not
be made global, and in fact if there is a variable in global scope as
'password' it would be unset.

The function also takes care of stripping slashes from the variables ...

Any comments, suggestion or error reports would be helpful ...

Amit Arora
(http://www.digitalamit.com/)

-----------------------------------------------------------------------
// Copyright Amit Arora (c) 2002
// Following code is part of phpObjects
// Permission given to use the code as is in whole.
// http://www.digitalamit.com/


// Create variables for PHP3 and pre PHP 4.1
if (isset($HTTP_GET_VARS)) { $_GET = & $HTTP_GET_VARS; }
if (isset($HTTP_POST_VARS)) { $_POST = & $HTTP_POST_VARS; }
if (isset($HTTP_COOKIE_VARS)) { $_COOKIE = & $HTTP_COOKIE_VARS; }

/*
        Function SafeExtract()
        Safely extract the 
        Parameter: array1, array2, ...
        
*/

function SafeExtract()
{
    global $_GET, $_POST, $_COOKIE;
    foreach( func_get_args() as $v )
    {
        if( is_array( $v ) )
        foreach( $v as $key => $value )
        {
            switch ( $key )
            {
                // Any source: GET overrides POST, which overrides COOKIE.
                // A name found in no source is left untouched.
                case 'any':
                    if ( is_array( $value ) )
                    foreach ( $value as $e )
                    {
                        // magic_quotes_gpc escapes cookie data as well as GET and POST
                        if ( isset($_COOKIE[$e]) ) $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_COOKIE[$e]) : $_COOKIE[$e]);
                        if ( isset($_POST[$e]) ) $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_POST[$e]) : $_POST[$e]);
                        if ( isset($_GET[$e]) ) $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_GET[$e]) : $_GET[$e]);
                    }
                break;

                // GET only: a global of the same name from any other source is removed
                case 'get':
                    if ( is_array( $value ) )
                    foreach ( $value as $e )
                    {
                        if ( isset($_GET[$e]) )
                        {
                            $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_GET[$e]) : $_GET[$e]);
                        }
                        else
                        {
                            unset( $GLOBALS[$e] );
                        }
                    }
                break;

                // POST only
                case 'post':
                    if ( is_array( $value ) )
                    foreach ( $value as $e )
                    {
                        if ( isset($_POST[$e]) )
                        {
                            $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_POST[$e]) : $_POST[$e]);
                        }
                        else
                        {
                            unset( $GLOBALS[$e] );
                        }
                    }
                break;

                // COOKIE only
                case 'cookie':
                    if ( is_array( $value ) )
                    foreach ( $value as $e )
                    {
                        if ( isset($_COOKIE[$e]) )
                        {
                            $GLOBALS[$e] = (get_magic_quotes_gpc() ? stripslashes($_COOKIE[$e]) : $_COOKIE[$e]);
                        }
                        else
                        {
                            unset( $GLOBALS[$e] );
                        }
                    }
                break;

            }
        }
    }
}


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
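
The same source-restricted whitelist, as an added example that is not part of the original message or of phpObjects: it returns the accepted values instead of writing them into $GLOBALS, and drops array-valued parameters (name[]=x), which stripslashes() in SafeExtract() does not expect. The function name safe_extract_array() and the request data are constructed for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example. safe_extract_array() is a hypothetical name, not phpObjects code.
// It takes the same policy format as SafeExtract(), but the request arrays are
// passed in explicitly and nothing is written to the global scope.

function safe_extract_array(array $policy, array $get, array $post, array $cookie): array
{
    // For 'any', later sources win: COOKIE, then POST, then GET, as in SafeExtract().
    $sources = [
        'any'    => [$cookie, $post, $get],
        'get'    => [$get],
        'post'   => [$post],
        'cookie' => [$cookie],
    ];
    $out = [];
    foreach ($policy as $source => $names) {
        if (!isset($sources[$source]) || !is_array($names)) {
            continue; // unknown source keyword or malformed entry: skip it
        }
        foreach ($names as $name) {
            foreach ($sources[$source] as $input) {
                // A parameter sent as name[]=x arrives as an array; accept strings only.
                if (isset($input[$name]) && is_string($input[$name])) {
                    $out[$name] = $input[$name];
                }
            }
        }
    }
    return $out;
}

// Constructed request: 'password' arrives in the query string instead of the
// POST body, 'key' arrives as an array, and 'name' is in both POST and COOKIE.
$get    = ['url' => '/home', 'password' => 'from-query', 'key' => ['a', 'b']];
$post   = ['name' => 'alice'];
$cookie = ['last_visit' => '2002-04-17', 'name' => 'mallory'];

$vars = safe_extract_array([
    'any'    => ['name', 'userid'],
    'post'   => ['password', 'credit_card_number'],
    'get'    => ['url', 'key'],
    'cookie' => ['last_visit', 'last_activity'],
], $get, $post, $cookie);

var_dump($vars); // only whitelisted names from their permitted source remain
```

Names that are absent from their permitted source are simply missing from the returned array, so callers test with isset() rather than relying on a global having been unset.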


