PHPLib should work when register_globals is off.
See bug #446455. (Also submitted accidently as patch
Many PHPLib scripts depend on PHP automatically
registering variables into the global name space.
If we set register_globals to off via .htaccess (or
another method) for security reasons then portions of
PHPLib fail to function properly.
In bug #446455 I document a short-term work around.
It would be better if the PHPLib scripts would work
properly regardless to the setting of
In specific PHPLib should use the HTTP_*_VARS to
gather the values of variables passed from the client.
In function auth_validatelogin() we see:
global $username, $password;
This should be re-coded as:
$username = $HTTP_POST_VARS["username"];
$password = $HTTP_POST_VARS["password"];
Or even better is:
$username = isset($HTTP_POST_VARS
["username"]) ? $HTTP_POST_VARS["username"] : "";
$password = isset($HTTP_POST_VARS
["password"]) ? $HTTP_POST_VARS["password"] : "";
Use of isset() is added to prevent errors when using
The script session.inc is coded pretty well. Others
I think this is important for the long-term viablility