
Icy Phoenix


Documentation And How To - SECURITY - Question About Register Globals



Vortex [ Mon 10 Mar, 2008 23:44 ]
Post subject: SECURITY - Question About Register Globals
Quote:
These other requirements (even if not strictly needed) are suggested for optimal performance of Icy Phoenix:

* Webserver with .htaccess capability
* Apache Rewrite Mod installed and running
* GD Libraries (at least 2.0.28) installed and running
* Register Globals set to OFF



What happens if my server does have register globals activated?


moreteavicar [ Sat 15 Mar, 2008 12:48 ]
Post subject: Re: Question About Register Globals
Hail... it shouldn't make any difference one way or the other, as all the page variables that get used here are superglobals... it's actually better to have Register Globals off, as this reduces the possibility of any uninitiated variables in the scripts being set via request... (which forms the method of remote file injection) - there aren't any known variables in Icy that can be seeded in this way, but it's good not to have register globals on. Some old scripts out there do still depend on register globals being on in order to obtain values of page variables. See http://fr3.php.net/register_globals for more info.


Mighty Gorgon [ Sat 15 Mar, 2008 14:07 ]
Post subject: Re: Question About Register Globals
Great answer.

I'll move this topic into Docs section.


Vortex [ Sat 15 Mar, 2008 14:14 ]
Post subject: Re: Question About Register Globals
moreteavicar wrote:
Hail... it shouldn't make any difference one way or the other, as all the page variables that get used here are superglobals... it's actually better to have Register Globals off, as this reduces the possibility of any uninitiated variables in the scripts being set via request... (which forms the method of remote file injection) - there aren't any known variables in Icy that can be seeded in this way, but it's good not to have register globals on. Some old scripts out there do still depend on register globals being on in order to obtain values of page variables. See http://fr3.php.net/register_globals for more info.



Thanks mate


moreteavicar [ Mon 07 Apr, 2008 15:52 ]
Post subject: Re: Question About Register Globals
Prego kind sir
Actually I should rephrase that first bit: "to my knowledge all the page variables that get used here are superglobals"...
Maybe in some peripheral mod like cash, activity or knowledgebase, which I never use / inspect code of (and too lazy to), possibly some var uses globals rather than superglobals, though I doubt it. I question the sanity of any mod author who writes something that depends on register globals being on, and those mods are advanced enough level to be written by intelligent authors who understand such things...

BTW an obvious way to check such things is how the script handles user input. If a variable is obtained using something like

$var = !empty($_POST['var']) ? $_POST['var'] : $some_default_value;

then superglobals are being used, and all is well. If the script handles user input, and there isn't a $_POST, $_GET or $_REQUEST in sight, then it depends on register globals being on...
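
The two patterns discussed in this thread, side by side, as an added example (not part of the original posts and not Icy Phoenix code). The function names, the `module_path` and `page` parameters, the paths and the sample request are all hypothetical; register_globals was removed in PHP 5.4.0, so its effect is emulated with extract().

```php
<?php
// Added example: hypothetical names throughout, not taken from Icy Phoenix.
// extract() on the request array inside a function scope reproduces what
// register_globals = On did at global scope.

// Legacy pattern: $module_path is only assigned on one branch. On the other
// branch its value is whatever the request seeded into it.
function legacy_include_target(array $request, bool $installed): string
{
    extract($request);                  // emulates register_globals = On
    if ($installed) {
        $module_path = './modules/';
    }
    // A real script would hand this string to include/require.
    return (isset($module_path) ? $module_path : '') . 'common.php';
}

// Superglobal pattern from the post: internal variables are always
// initialised, and each input is read explicitly from the request array
// with a default, then checked against an allow-list.
function safe_include_target(array $request, bool $installed): string
{
    $module_path = $installed ? './modules/' : './install/';
    $allowed = ['common', 'profile'];   // constructed allow-list
    $page = !empty($request['page']) ? (string) $request['page'] : 'common';
    if (!in_array($page, $allowed, true)) {
        $page = 'common';
    }
    return $module_path . $page . '.php';
}

// Constructed request carrying a parameter the script never asked for.
// In a real page this array would be $_REQUEST.
$request = ['page' => 'profile', 'module_path' => 'REQUEST-SUPPLIED/'];

echo legacy_include_target($request, false), "\n";
echo safe_include_target($request, false), "\n";
```

In the legacy function the unexpected `module_path` parameter ends up in the include target; in the second function it is never read, so it has no effect.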



