Msg#: 3558752 posted 4:46 pm on Jan 26, 2008 (gmt 0)
I have 5 old Oscommerce sites on my own dedicated server, all with Register Globals on. Not being a programmer, and with lots of contributions installed, I hope there is some kind of protection to at least remove some loop-holes? Rather than implementing Register Globals Off, I plan in the little longer term to possibly migrate to another ecommerce platform (with register Globals off) as Oscommerce seems to be dying.
In another (old) thread I saw a link to an "Auto Replace" program, that would read through the scripts and make some modifications automatically. The link didn't work though (from 2004 or 2005). Does anyone know where to find such a program, or possibly advise on any protective changes I could perform in my scripts?
Msg#: 3558752 posted 5:09 pm on Jan 26, 2008 (gmt 0)
I hope there is some kind of protection to at least remove some loop-holes?
If you are running an old version of software that has not been patched since register_globals has been addressed ... I think you may have more issues than just register globals. I would upgrade the software. Surely there is an upgrade path for you?
Msg#: 3558752 posted 6:23 pm on Jan 26, 2008 (gmt 0)
Thanks Coopster. You are probably right, but due to the opensource - and somewhat chaotic way - in which contributions are made in Oscommerce, I doubt a patch can be applied with any ease. It would probably require a line-by-line comparison using for example Beyondcompare.
Probably this would be a good thing to do, but the issue of Register Globals has not yet been formally addressed in oscommerce. The only solution is a contribution made by a private guy, but this does not take into consideration all the code made in the other private contributions.
Rather than starting a big project to prepare my Oscommerce sites for PHP5, and register Globals, I would appreciate some advise to make my sites a bit safer. Although I know of course that the right thing to do would be a complete code clean-up and then go to PHP5. But s mentioned, there seems to be no development on the oscommerce platform, so I would prefer to migrate to a never platform and put my efforts in this project.
Msg#: 3558752 posted 7:05 pm on Jan 28, 2008 (gmt 0)
I would appreciate some advise to make my sites a bit safer.
I guess that is what I was attempting to do. The last thing I want you to have is a false sense of security. The only think Using Register Globals [php.net] is going to do for you is make sure you are initializing and using variables as intended.