[PHP] REGISTER_GLOBALS set to off and other issues
I have REGISTER_GLOBALS set to off. I have read and read, but cannot figure out what I need to do code wise to keep from getting the following message: Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 We upgrade from 4.1.1 about a month ago and since then several things are now broken. I need to know how to code around this problem so I don't get this WARNING. I am also having another problem since the upgrade. This seems to be a javascript problem, but it's weird that it's happened on two different servers just after a PHP upgrade. I have static page tops and bottoms that I call with an include for each page. Currently, I have all the javascripts that I use for my entire site in the header: script language=javascript src=library/script1.js/script script language=javascript src=library/script2.js/script etc... If use script1.js on page 1 but don't use script2.js, then I get a javascript error on script1.js. The reason I know this is that if I strip out all but what is essential to page 1, then the javascript runs error free, but if not, I get errors. I don't know if this is a php problem or not, but like I said above, I do know it started with the upgrades. I can deal with this though, because I know how to fix it. I will just take a while. This is a school site and they are on spring break right now. I have until Monday 3/29/2004 to get this fixed. The school's website, which includes homework assignments, lunch menu, etc... will be dead in the water until I do. -- Thanks, Alisa Davis - Madison Academy webmaster -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] register_globals won't turn off!
Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: html head /head body form action=?=$_SERVER['PHP_SELF']? method=post input name=test input type=submit /form /body /html ?php print $test; phpinfo(); ? I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] register_globals won't turn off!
I don't know much about this, but could it have been cached? Cristian Damon Kohler wrote: Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: html head /head body form action=?=$_SERVER['PHP_SELF']? method=post input name=test input type=submit /form /body /html ?php print $test; phpinfo(); I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] register_globals won't turn off!
No, it's not cached. I can type in anything to the input and it'll show up. As in, if I type test into the form, it prints test. Then if I type hello world it'll print hello world. So I'm pretty sure caching isn't the problem. Damon Cristian Lavaque [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I don't know much about this, but could it have been cached? Cristian Damon Kohler wrote: Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: html head /head body form action=?=$_SERVER['PHP_SELF']? method=post input name=test input type=submit /form /body /html ?php print $test; phpinfo(); I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] register_globals won't turn off!
Are you using third party code that might be doing the export to global space itself? Rob. On Sat, 2003-09-27 at 22:21, Damon Kohler wrote: No, it's not cached. I can type in anything to the input and it'll show up. As in, if I type test into the form, it prints test. Then if I type hello world it'll print hello world. So I'm pretty sure caching isn't the problem. Damon Cristian Lavaque [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I don't know much about this, but could it have been cached? Cristian Damon Kohler wrote: Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: html head /head body form action=?=$_SERVER['PHP_SELF']? method=post input name=test input type=submit /form /body /html ?php print $test; phpinfo(); I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] register_globals won't turn off!
I don't think so... You have something particular in mind? You can check out the page itself at http://my.innermetrix.cc/test.php Damon Robert Cummings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Are you using third party code that might be doing the export to global space itself? Rob. On Sat, 2003-09-27 at 22:21, Damon Kohler wrote: No, it's not cached. I can type in anything to the input and it'll show up. As in, if I type test into the form, it prints test. Then if I type hello world it'll print hello world. So I'm pretty sure caching isn't the problem. Damon Cristian Lavaque [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I don't know much about this, but could it have been cached? Cristian Damon Kohler wrote: Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: html head /head body form action=?=$_SERVER['PHP_SELF']? method=post input name=test input type=submit /form /body /html ?php print $test; phpinfo(); I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] register_globals won't turn off!
On Sat, 27 Sep 2003 20:05:10 -0400 Damon Kohler [EMAIL PROTECTED] wrote: Well, it does turn off. At least phpinfo() says that it's off. However, PHP is acting as though it's still turned on. The source code for the page I'm using to test this odd result is: snip I'm running PHP 4.3.3 on RH7. When the form is submited, the value is printed despite the fact it's printing $test and not $_POST['test']. This is copy pasted from the results: register_argc_argv Off Off register_globals Off Off I'm completely stumped. Thanks in advance, Damon Did you reload your http server? -- Raquel If our words are not consistent with our actions, they will never be heard above the thunder of our deeds. --H. Burke Peterson -- Raquel If our words are not consistent with our actions, they will never be heard above the thunder of our deeds. --H. Burke Peterson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] register_globals not turning off
I turn register_globals off using this command: but my get variables are still accessible as variables. Any ideas. phpinfo() says: register_argc_argv Off register_globals Off PHP Version 4.0.6 Charlie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] register_globals not turning off
what command? if you're using ini_set you can't. in this case it'll set the local value but it's of no consequence, register_globals has already done its thing before getting to the script. use of .htaccess is possible. regards, Philip Olson On Thu, 13 Dec 2001, Charlie Killian wrote: I turn register_globals off using this command: but my get variables are still accessible as variables. Any ideas. phpinfo() says: register_argc_argv Off register_globals Off PHP Version 4.0.6 Charlie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] register_globals on or off?
Hi, Could someone explain what the following passage in php.ini means: You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. If register_globals is off, does that mean you cannot access form variables by just referring to their name? And, if that is so, how do you pass information from forms to your action script? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] register_globals on or off?
Could someone explain what the following passage in php.ini means: You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. If register_globals is off, does that mean you cannot access form variables by just referring to their name? Correct And, if that is so, how do you pass information from forms to your action script? They will be in the $HTTP_POST_VARS array. However, as long as you watch what you are doing, leaving register_globals on is fine. Don't use undefined variables and never pass stuff directly to any system() or file operation functions without carefully checking your data. Turning off register_globals and simply using $HTTP_POST_VARS everywhere really doesn't help that much in this respect. POST vars are easily spoofed, so don't think that just turning off register_globals will suddenly make your scripts secure. It won't. Never trust user-supplied data. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] register_globals on or off?
hi [[EMAIL PROTECTED]] wrote: Hi, Could someone explain what the following passage in php.ini means: You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. If register_globals is off, does that mean you cannot access form variables by just referring to their name? And, if that is so, how do you pass information from forms to your action script? If you had register_globals Off *AND* track_vars On, you could change: from: $frmCompanyName to: $HTTP_GET_VARS["frmCompanyName"] or $HTTP_POST_VARS["frmCompanyName"] depending on your action method. HTH. -- Hardy Merrill Mission Critical Linux, Inc. http://www.missioncriticallinux.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
