Thread: [PHP] register_globals ??
View Single Post
01-22-2007, 02:54 AM
 #5
Julian is offline Julian
Status: Simply to simplify
Join date: Apr 2005
Location: Foxton, Manawatu, New Zealand
Expertise:
Software:
 
Posts: 5,572
iTrader: 0 / 0%
 

Julian is on a distinguished road

  Old

register_globals is turned off by default by any install of php over PHP 4.2. If it is not then you will have to contact your web host and ask them to turn it to off for security reasons.

If they won't do this then you can do it through your own .htaccess file, add the following line:

php_flag register_globals off

Alternatively you can do this through php:

Originally Posted by php.net
This will emulate register_globals Off. Keep in mind, that this code should be called at the very beginning of your script, or after session_start() if you use it to start your session.
PHP Code:
<?php
// Emulate register_globals off
function unregister_GLOBALS()
{
    if (!ini_get('register_globals')) {
        return;
    }

    // Might want to change this perhaps to a nicer error
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        die('GLOBALS overwrite attempt detected');
    }

    // Variables that shouldn't be unset
    $noUnset = array('GLOBALS',  '_GET',
                     '_POST',    '_COOKIE',
                     '_REQUEST''_SERVER',
                     '_ENV',     '_FILES');

    $input array_merge($_GET,    $_POST,
                         $_COOKIE$_SERVER,
                         $_ENV,    $_FILES,
                         isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    
    foreach ($input as $k => $v) {
        if (!in_array($k$noUnset) && isset($GLOBALS[$k])) {
            unset($GLOBALS[$k]);
        }
    }
}

unregister_GLOBALS();

?>