Request #16308 unregister_globals() - a function that removes all vars by "register_globals"
Submitted: 2002-03-27 08:31 UTC
Modified: 2002-03-27 10:34 UTC
From: tapken at engter dot de
Assigned:
Status: Not a bug
Package: Feature/Change Request
PHP Version: 4.1.2
OS: Linux 2.4
Private report: No
CVE-ID: None
 [2002-03-27 08:31 UTC] tapken at engter dot de
Hi all!

The new global vars ($_GET, $_POST, etc) are very nice but they do not bring more security if register_globals = on. Regrettably, many server admins are unable to set "register_globals = off" due to the fact that many scripts would break.

I would like to see a 'unregister_globals()'-Function (called at the beginning of a script) which parses the gpc-vars and unsets all normal vars with the same name (let's say it undoes register_globals' work).

It would be nice if somebody would inform me if he has such a patch.

bye, Roland

 [2002-03-27 08:58 UTC] daniel@php.net
and how do you think unregister_globals() should be able to distinguish between variables set by "register_globals" and those by the user? this will more likely lead to a big mess.

why not just switch it off?
 [2002-03-27 09:01 UTC] daniel@php.net
you can set register_globals = off on a vhost basis with php_value in your httpd.conf and slowly migrate each user to the new config.
 [2002-03-27 09:05 UTC] tapken at engter dot de
For security reasons I can't use .htaccess for configuring php.

>and how do you think unregister_globals() should be able to distinguish
>between variables set by "register_globals" and those by the user? 

I wrote "called at the beginning of a script". At this time there should not be any variables created by the user.
 [2002-03-27 09:45 UTC] mfischer@php.net
He wrote httpd.conf, NOT .htaccess
 [2002-03-27 10:34 UTC] rasmus@php.net
So use a one-liner like:
foreach($_REQUEST as $name=>$val) unset($$name);
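
The cleanup requested in this report, written as a function, as an added example that is not code from the report or from the PHP project. It goes beyond the one-liner in three ways: it unsets through $GLOBALS so it also works when called from function scope, it reads every source register_globals imported rather than only $_REQUEST, and it skips parameter names that match a superglobal so a request cannot make the cleanup remove $_SERVER or $_GET. Assumptions: the function name is hypothetical, and because register_globals no longer exists in current PHP the imported globals are constructed by hand.

```php
<?php
// Added example, not code from this report; the function name is hypothetical.
function unregister_globals_emulated(): array
{
    // Superglobal names stay, even when a request parameter uses one of them.
    $protected = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION'];

    // register_globals imported environment, GET, POST, cookie and server
    // values (plus uploads and session data), which is more than $_REQUEST holds.
    $sources = [$_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES,
                isset($_SESSION) && is_array($_SESSION) ? $_SESSION : []];

    $removed = [];
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array($name, $protected, true)) {
                continue;
            }
            // Going through $GLOBALS works from function scope, where the
            // variable-variable form would only touch local variables.
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed input: the request arrays and the globals that
// register_globals = on would have created from them.
$_GET    = ['is_admin' => '1', '_SERVER' => 'x'];
$_POST   = [];
$_COOKIE = ['theme' => 'dark'];
$is_admin = '1';
$theme    = 'dark';

$removed = unregister_globals_emulated();

// Report which injected globals are gone and that $_SERVER is still an array.
var_dump($removed, isset($is_admin), isset($theme), is_array($_SERVER));
```

As with the one-liner, the call has to come before the script assigns any variables of its own, since a script variable that shares a name with a request parameter would be removed too.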
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 07 09:01:31 2024 UTC