[Project_owners] Mozdev.org PHP 5 upgrade; update code for register_globals = off

Mycroft Project mycroft.mozdev.org at googlemail.com
Sat Jan 12 18:46:18 PST 2008


I hope I've got something wrong...

I tried the php snippet above in a testing directory which seems to be
entirely destructive.
Adding:
                               echo $$__v, " | ", $__v, " | ", $__sg, "\n";
before the unset() line seems to suggest that a lot of the Mozdev internals
like $page are also scrubbed - I didn't get any output at all from the page
I was trying to load.

(I was trying to test:
echo $REMOTE_ADDR;
echo $_SERVER['REMOTE_ADDR'];
) where I thought I was expecting the latter to work but the former not to.

More generally, if I read
http://uk.php.net/manual/en/language.variables.predefined.php correctly then
$_GET['foo'] is okay (this wasn't what I understood from the original
message) but $REMOTE_ADDR has to be replaced by $_SERVER['REMOTE_ADDR'] It
also seems to suggest $HTTP_*_VARS is acceptable (though discouraged) given
the default value of register_long_arrays.

Have I entirely misunderstood what's changing / what's required?

All the best,

Charles

On 10/01/2008, Arturo 'Buanzo' Busleiman <buanzo at buanzo.com.ar> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Douglas E. Warner wrote:
> | One of the biggest changes that will come about with this change is that
> PHP's
> | register_globals flag will be set to "off".  This will have wide impact
> on
>
> I'd love to see suhosin installed, and allow_url_fopen = Off in php.net be
> set, too! Properly
> tunned, suhosin can be a WONDERFUL thing for mod_php.
>
> - --
> Arturo "Buanzo" Busleiman
> BUSCO Baterista para estilo brit-pop Zona Norte BsAs
> Independent Security Consultant - SANS - OISSG
> http://www.buanzo.com.ar/pro/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHhnljAlpOsGhXcE0RCvtWAJ9Kut878dIrY0o9QvUoOgNtdAF/OwCeMihC
> R/tkWgIFADhjErLuAGIbliU=
> =ILj9
> -----END PGP SIGNATURE-----
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> https://www.mozdev.org/mailman/listinfo/project_owners
>



-- 
Charles Caygill
Mycroft Project Owner
http://mycroft.mozdev.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.mozdev.org/pipermail/project_owners/attachments/20080113/0acb494a/attachment-0001.html 


More information about the Project_owners mailing list