Visit: http://www.php.net/register_globals
You will find a script entitled: unregister_globals() -> http://www.php.net/manual/en/security.globals.php#82542
This should be implemented into the script, that way, register_globals is no longer a concern.
Or this...
Code: Select all
// Security
/*ini_set('register_globals', 'Off');
if (ini_get('register_globals')) {
exit('Error: register_globals is enabled!');
}*/
// See: http://uk2.php.net/manual/en/faq.misc.php#53961
if ((bool)@ini_get('register_globals')) {
$superglobals = array($_ENV, $ _GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
if (isset($_SESSION)) {array_unshift($superglobals, $_SESSION); }
$knownglobals = array(
// Known PHP Reserved globals and superglobals:
'_ENV','_GET','_POST','_COOKIE','_FILES','_SERVER','_SESSION','_REQUEST',
'HTTP_ENV_VARS','HTTP_GET_VARS','HTTP_POST_VARS','HTTP_COOKIE_VARS',
'HTTP_FILES_VARS','HTTP_SERVER_VARS','HTTP_SESSION_VARS',
// Global variables used by this code snippet:
'superglobals','knownglobals','superglobal','global','void',
);
foreach ($superglobals as $superglobal) {
foreach ($superglobal as $global => $void) {
if (!in_array($global, $knownglobals)) { unset($GLOBALS[$global]); }
}
}
}why go to all the trouble when the following code added to the first line of your .htaccess file does the exact same thing??
-Dave
Code: Select all
php_flag register_globals Off
Professional Website Services - http://www.davidmgilbert.com/
Active Member
Some people on shared hosting don't have access to do that, and it willy simply produce an error 500.
You have to think about everyone for portability.
You have to think about everyone for portability.
hi, hm2k. Can tell us, where should put in this php code? Or is that need create a php files with this kind of code? Thank you.hm2k wrote: Or this...
Code: Select all
// Security /*ini_set('register_globals', 'Off'); if (ini_get('register_globals')) { exit('Error: register_globals is enabled!'); }*/ // See: http://uk2.php.net/manual/en/faq.misc.php#53961 if ((bool)@ini_get('register_globals')) { $superglobals = array($_ENV, $ _GET, $_POST, $_COOKIE, $_FILES, $_SERVER); if (isset($_SESSION)) {array_unshift($superglobals, $_SESSION); } $knownglobals = array( // Known PHP Reserved globals and superglobals: '_ENV','_GET','_POST','_COOKIE','_FILES','_SERVER','_SESSION','_REQUEST', 'HTTP_ENV_VARS','HTTP_GET_VARS','HTTP_POST_VARS','HTTP_COOKIE_VARS', 'HTTP_FILES_VARS','HTTP_SERVER_VARS','HTTP_SESSION_VARS', // Global variables used by this code snippet: 'superglobals','knownglobals','superglobal','global','void', ); foreach ($superglobals as $superglobal) { foreach ($superglobal as $global => $void) { if (!in_array($global, $knownglobals)) { unset($GLOBALS[$global]); } } } }
Regards,
John
It would go into your index.php file at the root of your store.
But, if you are using OpenCart 0.7.8, it is already in there. Just uncomment
But, if you are using OpenCart 0.7.8, it is already in there. Just uncomment
Code: Select all
ini_set('register_globals', 'Off');
if (ini_get('register_globals')) {
exit('Error: register_globals is enabled!');
}
Last edited by Anonymous on Sun Aug 24, 2008 10:39 am, edited 1 time in total.
Who is online
Users browsing this forum: No registered users and 1 guest
