Icy Phoenix

     
 


SECURITY - Question About Register Globals
 
Quote:
These other requirements (even if not strictly needed) are suggested for optimal performance of Icy Phoenix:

    * Webserver with .htaccess capability
    * Apache Rewrite Mod installed and running
    * GD Libraries (at least 2.0.28) installed and running
    * Register Globals set to OFF



What happens if my server does have register globals activated?
 



 
Vortex

Re: Question About Register Globals
 
Hail... it shouldn't make any difference one way or the other, as all the page variables that get used here are superglobals... it's actually better to have Register Globals off, as this reduces the possibility of any uninitiated variables in the scripts being set via request... (which forms the method of remote file injection) - there aren't any known variables in Icy that can be seeded in this way, but it's good not to have register globals on. Some old scripts out there do still depend on register globals being on in order to obtain values of page variables. See http://fr3.php.net/register_globals for more info
 



 
moreteavicar

Re: Question About Register Globals
 
Great answer.

I'll move this topic into Docs section.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty Gorgon

Re: Question About Register Globals
 
moreteavicar wrote:
Hail... it shouldn't make any difference one way or the other, as all the page variables that get used here are superglobals... it's actually better to have Register Globals off, as this reduces the possibility of any uninitiated variables in the scripts being set via request... (which forms the method of remote file injection) - there aren't any known variables in Icy that can be seeded in this way, but it's good not to have register globals on. Some old scripts out there do still depend on register globals being on in order to obtain values of page variables. See http://fr3.php.net/register_globals for more info



Thanks mate
 



 
Vortex

Re: Question About Register Globals
 
Prego kind sir
Actually I should rephrase that first bit: "to my knowledge all the page variables that get used here are superglobals"...
Maybe in some peripheral mod like cash, activity or knowledgebase, which I never use / inspect code of (and too lazy to), possibly some var uses globals rather than superglobals, though I doubt it. I question the sanity of any mod author who writes something that depends on register globals being on, and those mods are advanced enough level to be written by intelligent authors who understand such things...

BTW an obvious way to check such things is how the script handles user input. If a variable is obtained using something like

$var = !empty($_POST['var']) ? $_POST['var'] : $some_default_value;

then superglobals are being used, and all is well. If the script handles user input, and there isn't a $_POST, $_GET or $_REQUEST in sight, then it depends on register globals being on...
 



 
moreteavicar
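
The difference the posts above describe, as an added example that is not Icy Phoenix code and not written by any poster in this thread: a legacy script that reads input as a bare variable next to one that initialises its variable and reads input only from the request array. Because register_globals was removed in PHP 5.4, its effect is emulated with extract(); the function names, the `lang_dir` and `lang` parameters and the request values are hypothetical and constructed for the illustration.

```php
<?php
// Added example (not Icy Phoenix code). register_globals no longer exists in
// PHP 5.4+, so it is emulated here: extract() turns request keys into variables.

// Legacy pattern: input is read as a bare variable and only defaulted "if unset",
// so a request parameter of the same name wins when register_globals is on.
function legacy_page(array $request, bool $register_globals): string
{
    if ($register_globals) {
        extract($request, EXTR_SKIP); // emulation only; keeps the two parameters intact
    }
    if (!isset($lang_dir)) {          // never initialised by the script itself
        $lang_dir = 'language/english';
    }
    return $lang_dir . '/lang_main.php';
}

// Hardened pattern: the script initialises its own variable and takes user input
// only from the request array (standing in for $_GET/$_POST), checked against a list.
function hardened_page(array $request, bool $register_globals): string
{
    if ($register_globals) {
        extract($request, EXTR_SKIP); // still on, to show it no longer matters
    }
    $lang_dir = 'language/english';   // explicit initialisation overwrites any seeded value
    $allowed  = ['english', 'italian'];
    $lang     = !empty($request['lang']) ? $request['lang'] : 'english';
    if (is_string($lang) && in_array($lang, $allowed, true)) {
        $lang_dir = 'language/' . $lang;
    }
    return $lang_dir . '/lang_main.php';
}

// Constructed request: "lang" is a legitimate parameter, "lang_dir" is not one
// the script ever meant to accept.
$request = ['lang' => 'italian', 'lang_dir' => 'constructed/elsewhere'];

foreach ([false, true] as $rg) {
    printf(
        "register_globals=%-3s legacy=%s hardened=%s\n",
        $rg ? 'on' : 'off',
        legacy_page($request, $rg),
        hardened_page($request, $rg)
    );
}
```

Only legacy_page changes its result when the emulated setting is switched on; hardened_page returns the same allowlisted path in both runs.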