php register_globals turned off

[posted: ]  [0 comments]

without any kind of active notification (sure, you’ll find a message on some forum if you search the web), my webspace provider turned off register_globals in PHP today.
the effect on my website: everything but the blog was practically inoperable.

if this happens to you, here’s a short-run solution: insert the following code-snippet at the very beginning of the concerning files:

    <?php
       if(!empty($_GET)) extract($_GET);
       if(!empty($_POST)) extract($_POST);
    ?>

this also works with $_SERVER, and it should be working with $_COOKIE as well (but i haven’t tested that yet)…

 
it’s only a temporary solution, though, because it bypasses the effects of register_globals being turned off, for that specific file:
 
with register_globals turned ON, all the variables that are transmitted to the server (get, post, cookie, mainly) can just be used just by the name they were entered.
if you access a php-page and enter “?s=text” after the filename (=sending a get-variable “s” with the value being “text”), for example, you can use “$s” rightaway in the script.

because there have been security concerns, you now have to first assign the query’s variable to the variable in the script, limiting the input to get-queries (in this example):

    $s = $_GET['s'];

speaking of purpose, this is a bad example. but regarding cookies i seems more reasonable – until shortly, it was possible to just simulate a cookie by sending the needed variables in a get-request…


Leave a Reply