Post by hm2k » Wed May 21, 2008 5:11 pm

Visit: http://www.php.net/register_globals

You will find a script entitled: unregister_globals() -> http://www.php.net/manual/en/security.globals.php#82542

This should be implemented into the script; that way, register_globals is no longer a concern.

UK Web Hosting


Global Moderator, joined Tue Mar 11, 2008 9:06 am, Location - UK

Post by hm2k » Wed Jun 25, 2008 11:56 pm

Or this...

Code:

// Security
/*ini_set('register_globals', 'Off');

if (ini_get('register_globals')) {
    exit('Error: register_globals is enabled!');
}*/
// See: http://uk2.php.net/manual/en/faq.misc.php#53961
if ((bool)@ini_get('register_globals')) {
    $superglobals = array($_ENV, $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
    if (isset($_SESSION)) { array_unshift($superglobals, $_SESSION); }
    $knownglobals = array(
        // Known PHP Reserved globals and superglobals:
        '_ENV','_GET','_POST','_COOKIE','_FILES','_SERVER','_SESSION','_REQUEST',
        'HTTP_ENV_VARS','HTTP_GET_VARS','HTTP_POST_VARS','HTTP_COOKIE_VARS',
        'HTTP_FILES_VARS','HTTP_SERVER_VARS','HTTP_SESSION_VARS',
        // Global variables used by this code snippet:
        'superglobals','knownglobals','superglobal','global','void',
    );
    foreach ($superglobals as $superglobal) {
        foreach ($superglobal as $global => $void) {
            if (!in_array($global, $knownglobals)) { unset($GLOBALS[$global]); }
        }
    }
}

UK Web Hosting



Post by david.gilbert » Thu Jun 26, 2008 12:04 pm

Why go to all the trouble when the following code added to the first line of your .htaccess file does the exact same thing?

Code:

php_flag register_globals Off

-Dave

Professional Website Services - http://www.davidmgilbert.com/


Active Member, joined Sun Jan 06, 2008 5:02 pm, Location - Mount Compass, South Australia

Post by hm2k » Thu Jun 26, 2008 4:43 pm

Some people on shared hosting don't have access to do that, and it will simply produce an error 500.

You have to think about everyone for portability.

UK Web Hosting
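
The error 500 discussed in the two posts above, shown as an added .htaccess example that is not part of either poster's reply. It assumes Apache with PHP 4 or 5 loaded as a module; mod_php4.c and mod_php5.c are the module identifiers for those versions.

```apache
# Added example (not from the thread).

# Unguarded form: if mod_php is not loaded (PHP running as CGI/FastCGI),
# Apache does not recognise "php_flag" and answers every request with a
# 500 "Invalid command" error.
#php_flag register_globals Off

# Guarded form: the directive is only parsed when the module that defines
# it is present, so the same .htaccess can ship to any host.
<IfModule mod_php5.c>
    php_flag register_globals Off
</IfModule>
<IfModule mod_php4.c>
    php_flag register_globals Off
</IfModule>
```

The guard does not help when the host's AllowOverride excludes Options, since php_flag is then rejected even with the module loaded. Where the block is skipped the setting is left unchanged, so the in-script check remains the fallback.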



Post by johny2k » Sun Aug 24, 2008 9:58 am

hm2k wrote: Or this...

Code:

// Security
/*ini_set('register_globals', 'Off');

if (ini_get('register_globals')) {
    exit('Error: register_globals is enabled!');
}*/
// See: http://uk2.php.net/manual/en/faq.misc.php#53961
if ((bool)@ini_get('register_globals')) {
    $superglobals = array($_ENV, $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
    if (isset($_SESSION)) { array_unshift($superglobals, $_SESSION); }
    $knownglobals = array(
        // Known PHP Reserved globals and superglobals:
        '_ENV','_GET','_POST','_COOKIE','_FILES','_SERVER','_SESSION','_REQUEST',
        'HTTP_ENV_VARS','HTTP_GET_VARS','HTTP_POST_VARS','HTTP_COOKIE_VARS',
        'HTTP_FILES_VARS','HTTP_SERVER_VARS','HTTP_SESSION_VARS',
        // Global variables used by this code snippet:
        'superglobals','knownglobals','superglobal','global','void',
    );
    foreach ($superglobals as $superglobal) {
        foreach ($superglobal as $global => $void) {
            if (!in_array($global, $knownglobals)) { unset($GLOBALS[$global]); }
        }
    }
}

Hi, hm2k. Can you tell us where we should put this PHP code? Or do we need to create a PHP file with this kind of code? Thank you.

Regards,
John

New member, joined Tue Mar 04, 2008 4:35 pm

Post by Geek » Sun Aug 24, 2008 10:37 am

It would go into your index.php file at the root of your store.

But, if you are using OpenCart 0.7.8, it is already in there. Just uncomment

Code:

ini_set('register_globals', 'Off');

if (ini_get('register_globals')) {
	exit('Error: register_globals is enabled!');
}

Last edited by Anonymous on Sun Aug 24, 2008 10:39 am, edited 1 time in total.

~Simplygeek.net


New member, joined Sat May 17, 2008 1:00 pm, Location - Cyberspace, the final frontier...