Forum Moderators: coopster
I have a kind of old script for polls that I heavily modified it during years. The main code still there.
Today i realize that is using register_globals On (tested new changes in a local xampp installation).
Is there any good information regarding register_globals On¦Off around to share?
I need to prepare this script to register_globals Off but I don't know where to start.
Any help is really appreciated.
Regards,
Are you interested in actually fixing the script correctly or hacking it so that it works as if register_globals is enabled?
If you want to fix the script then you have to figure out where each of the variables in the script are coming from and replace them with the appropriate superglobal. For example, if
$id$id$_GET['id']If you wanted to just hack the script then you could fake the register globals by doing something like the following:
extract($_REQUEST);
Add that to the top and it should emulate register globals. Note, however, that this method is not the best approach. You should really fix the script as I have described above.
Good luck. :)
In one of the scripts I found this code but apparently is not enough as I mentioned in my first post:
/* in case register_globals is disabled.. */
if(!isset($_GET) && isset($HTTP_GET_VARS)) {
$_GET = $HTTP_GET_VARS;
}
if(!isset($_COOKIE) && isset($HTTP_COOKIE_VARS)) {
$_COOKIE = $HTTP_COOKIE_VARS;
}
if(!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
$_SERVER = $HTTP_SERVER_VARS;
}
/* some servers put things in $_ENV that others put in $_SERVER */
if(isset($_ENV) && is_array($_ENV)) {
while(list($k,$v) = each($_ENV)) {
if(!isset($_SERVER[$k]) ¦¦ $_SERVER[$k] == "") { $_SERVER[$k] = $v; }
}
} else if(isset($HTTP_ENV_VARS) && is_array($HTTP_ENV_VARS)) {
while(list($k,$v) = each($HTTP_ENV_VARS)) {
if(!isset($_SERVER[$k]) ¦¦ $_SERVER[$k] == "") { $_SERVER[$k] = $v; }
}
}
if(isset($_POST) && is_array($_POST)) {
extract($_POST, EXTR_OVERWRITE);
} else if(isset($HTTP_POST_VARS) && is_array($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS, EXTR_OVERWRITE);
} /* fix up our cookie arrays and don't trust integrity */
if(isset($_COOKIE['ppvar'])) {
$ppvar= unserialize(stripslashes($_COOKIE['ppvar']));
while(is_array($ppvar) && list($k,$v) = each($ppvar)) {
$ppvar[$k] = addslashes($v);
}
}
if(isset($_COOKIE['ppauth'])) {
$ppauth = unserialize(stripslashes($_COOKIE['ppauth']));
}
/* make sure query_string is set after an ssi */
if(!isset($_SERVER['QUERY_STRING']) ¦¦ $_SERVER['QUERY_STRING'] == "") {
if(isset($_SERVER['QUERY_STRING_UNESCAPED'])) {
$_SERVER['QUERY_STRING'] = str_replace("\\","",$_SERVER['QUERY_STRING_UNESCAPED']);
parse_str($_SERVER['QUERY_STRING']);
} else {
$_SERVER['QUERY_STRING'] = "";
}
}
Any Ideas?
