Kind of defeats the purpose. You could easily use extract() or the import_request_variables() function to do what you want. It would be the same as having register globals on, though...
---John Holmes... > -----Original Message----- > From: Thom Porter [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 25, 2002 12:05 AM > To: Justin French; [EMAIL PROTECTED] > Subject: Re: [PHP] script to check for register_gloabs=off compatibility > > Justin, > > Thanks for the response. > > The applications vary from site to site. Many of them use include files, > some of them don't. One thing that is nice is any apps that use cookies > or > sessions go through the _COOKIE or _SESSION arrays already. > > I did think of something that could be very useful, but I'm not sure if > it's > just as bad as having register_gloabls on or not... but basically, > something > like this: > > foreach($_POST as $k=>$v) { > $$k = $v; > } > > Does that not defeat the purpose, or is it just a really good idea? > > Thanks! > > Thom Porter > ----- Original Message ----- > From: "Justin French" <[EMAIL PROTECTED]> > To: "Thomas Porter" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, September 24, 2002 6:23 PM > Subject: Re: [PHP] script to check for register_gloabs=off compatibility > > > > I'm not aware of anything like that, apart from PHP itself :) > > > > Turn your error reporting to the strictest setting, and go through your > > applications, and it should complain whenever is has to echo/use a > undefined > > variable. > > > > Although that sounds a little daunting with 8000 pages... are you using > lots > > of include files (for all files which are in a certain section)? if so, > it > > quite possible that you only have to modify the header include to keep > > things up to date on many pages. > > > > If you do find such a script, I'd be keen to hear about it. > Essentially, > > you need to munch through each of your scripts WITH the > include/require's > > inline, looking for an undefined variable. > > > > Then for each of those undefined variables, figure out if the were > supposed > > to be from GET, POST, FILES, COOKIE or SESSION, and put a few lines at > the > > top of the file: > > > > $myvar = $_GET['myvar']; > > $myvar2 = $_POST['myvar2']; > > > > > > It's also probably a lesson in documentation... when I first started in > PHP > > I was paranoid about everything, and spent AGES on documentation and > > comments at the top of files. But I was really thankfull I did, because > it > > saved me HOURS later on, because I had everything documented... which > vars > > came from post/get/cookies/sessions/etc. > > > > > > Good luck, > > > > Justin > > > > > > on 25/09/02 4:00 AM, Thomas Porter ([EMAIL PROTECTED]) wrote: > > > > > I currently maintain about 100 sites that use PHP. Many of them were > > > programmed pre 4.2, and are not compatible with the > register_globals=off > > > setting. Since we use virtual hosts in apache I have been able to > modify > > > that one ini setting for the sites that need it, but now my job is to > modify > > > all of these scripts to be compatible with the register_globals=off > setting > > > so they will be more secured. I'm wondering if anyone out there has > written > > > a script that can look at the PHP scripts and see if they are > compatible > or > > > not. I'm sure this would be no easy task, but it would be most useful > at > > > the same time. I've done a find for all of the PHP scripts on our > server > > > and am confronted with over 8,000 scripts that need to be looked at, > and > > > that's just files with the .php extension.... we've got plenty of > .inc's > and > > > other various extensions (including a few sites that parse .html as > PHP) > > > that would need to be checked as well. > > > > > > Anybody got any ideas? > > > > > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
