php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #20549 register_global and scoping vars
Submitted: 2002-11-21 13:27 UTC Modified: 2002-11-22 10:51 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: somekool at mytradecenter dot com Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: 4.2.2 OS: Slackware Linux
Private report: No CVE-ID: None
 [2002-11-21 13:27 UTC] somekool at mytradecenter dot com
Hi

this is most a request than a regular bug report.
we found that we can't access get and post vars in user defined function by using $var in PHP 4.2. even with register_globals set to on, variable cannot be accessed by using the common way.

this require a lot of work to adapt our code and we prefer to take the responsability on our own. we understand the security issue, and appreciate that PHP take care of user security. but, can't we handle by our own the security problem ? is there any option to make External variables being global as it was ?

thanks

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-21 16:34 UTC] iliaa@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


If you enable register_globals then variables passed via GET/POST/COOKIE will be avaliable in the global scope.
 [2002-11-21 22:09 UTC] somekool at mytradecenter dot com
yes i enabled register_globals

but i would like my variables to be really global and usable in every scope, even in user defined function

function foo()
{
  echo $varX;
}

without specifying "global $varX;"
 [2002-11-22 05:35 UTC] derick@php.net
That is not going to happen.
 [2002-11-22 10:19 UTC] somekool at mytradecenter dot com
but it was already possible to do it.
i dont know which version i used, but it worked fine.
i think this could be customizable. again, even if PHP is secure by default, user could prefer to handle risk on their own.

another little question, do you plan to remove register_globals option availability in future version ? if yes, we will start update our code now. i hope not.

thanks
 [2002-11-22 10:26 UTC] iliaa@php.net
register_globals ini setting will probably be avaliable for a long time to come.
 [2002-11-22 10:50 UTC] derick@php.net
no, most likely not.

Derick
 [2002-11-22 10:51 UTC] derick@php.net
Meaning to say that it will most likely not be removed; atleast not before hell freezes.

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 18:01:31 2024 UTC