S.C. Gehl wrote:
Legacy reasons, it's not actually required by Midgard per se but by the Admin interfaces which have not yet been rewritten (and probably won't be in a long while).

register_globals can be turned on on a per-virtualhost basis, so it shouldn't be too much of a problem to request it being turned on for the virtualhost that runs the admin interface.

No, root used words like "fucking no way in hell"


Not very nice of them, especially since it shouldn't even be much of an issue, since register_globals is only a security issue when programmers are sloppy (checking against $logged_in, but not calling unset() before evaluating whether the variable should be set or not). Not that relying on register_globals being turned off is not equally sloppy... Always reset your internal variables to known values before starting to use them for anything that matters.


Can I simply change the variables to the pre-defined global variables, such as...

$HTTP_SERVER_VARS

change strings like this to:

$_SERVER

is this all it takes?


um, no: register globals means that variables passed in GETs or POSTs are not automatically registered as variables (in the global scope, but that's beside the actual point) but instead placed into the arrays $_GET and $_POST. This has the "advantage" that if you want to check the value of user input you must check it from those arrays, i.e. there is "no possibility" of mixing your internal variables with user input (see the $logged_in example on where that could be problematic).


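One way of working around this would be placing the following code into the first lines of <[code-compat]> of the style of the admin interface:

<?php
// Register $_GET variables as plain variables in the current scope.
// foreach replaces the original each()/list() loop, which no longer
// exists in PHP 8; the effect is the same.
foreach ($_GET as $k => $v) {
    $$k = $v;
}

// Register $_POST variables the same way (POST overrides GET on a name clash)
foreach ($_POST as $k => $v) {
    $$k = $v;
}

?>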

Just don't tell the root ;) since this is for all practical purposes equivalent of having register_globals on (you might want to add one more loop for registering cookie values as well, but I don't remember the new name for the array right now).

/Rambo
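
The $logged_in case mentioned in the reply above, as an added example (not part of the original mail and not Midgard code): the same import loop, once with an internal flag that is never reset and once with the flag reset to a known value after the import. `session_is_valid()`, the token value and the sample request are constructed for illustration.

```php
<?php
// Constructed sample request: no valid token, but a parameter named like an internal flag.
$sample = ['page' => 'topics', 'logged_in' => '1'];

// Hypothetical stand-in for the admin interface's real session check.
function session_is_valid($request): bool
{
    $token = is_array($request) ? ($request['token'] ?? '') : '';
    return is_string($token) && hash_equals('constructed-token', $token);
}

// Sloppy: every request key becomes a variable (as the loops in the mail do),
// and $logged_in is only ever assigned on success, so a request value survives.
function is_admin_sloppy(array $request): bool
{
    foreach ($request as $k => $v) {
        $$k = $v;
    }
    if (session_is_valid($request)) {
        $logged_in = true;
    }
    return !empty($logged_in);
}

// Careful: same import, but the internal flag is reset to a known value after
// the import and before it is used, so request data cannot pre-set it.
function is_admin_careful(array $request): bool
{
    foreach ($request as $k => $v) {
        $$k = $v;
    }
    $logged_in = false;
    if (session_is_valid($request)) {
        $logged_in = true;
    }
    return $logged_in;
}

var_dump(is_admin_sloppy($sample));
var_dump(is_admin_careful($sample));
var_dump(is_admin_careful(['token' => 'constructed-token']));
```

The first call is decided by the request parameter alone; the other two depend only on the session check.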

