From: Honza M. <hon...@ec...> - 2007-06-25 14:56:46
Hi Michael,
'register_globals' has nothing to do with the $_SERVER superglobal
variable. The superglobal variables like $_SERVER, $_GET, $_POST have been in
PHP since version 4.1, so we can count on them. So, there is no need
for
    if(!ini_get('register_globals')) {...}
in this case.

You are right, we should rewrite all the $QUERY_STRING_UNESCAPED,
$REQUEST_URI, ... variables to $_SERVER['REQUEST_URI'], ... so the
shtml_query_string() function should look like:

/** shtml_query_string function
 *  returns query string passed to shtml file (variables are not quoted)
 */
function shtml_query_string() {
    // there is problem (at least with $QUERY_STRING_UNESCAPED), when
    // param=a%26a&second=2 is returned as param=a\\&a\\&second=2 - we can't
    // explode it! - that's why we use $REQUEST_URI, if possible
    $ret_string = ($_SERVER['REQUEST_URI'] AND strpos($_SERVER['REQUEST_URI'], '?')) ?
        substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1) :
        ( isset($_SERVER['REDIRECT_QUERY_STRING_UNESCAPED']) ?
            stripslashes($_SERVER['REDIRECT_QUERY_STRING_UNESCAPED']) :
            stripslashes($_SERVER['QUERY_STRING_UNESCAPED']) );
    // get off magic quotes
    return magic_strip($ret_string);
}

Honza

Michael Moritz wrote on Fri, 22 Jun 2007 at 17:17 +0100:
> Hi
>
> just wanted to check whether this is the right way to do this.
>
> I have changed:
>
> include/util.php3
>
> function shtml_query_string() {
>     global $QUERY_STRING_UNESCAPED, $REDIRECT_QUERY_STRING_UNESCAPED,
>            $REQUEST_URI;
>     // there is problem (at least with $QUERY_STRING_UNESCAPED), when
>     // param=a%26a&second=2 is returned as param=a\\&a\\&second=2 - we can't
>     // explode it! - that's why we use $REQUEST_URI, if possible
>
>     if(!ini_get('register_globals')) {
>         $ret_string = ($_SERVER['REQUEST_URI'] AND
>                        strpos($_SERVER['REQUEST_URI'],'?')) ?
>             substr($_SERVER['REQUEST_URI'],strpos($_SERVER['REQUEST_URI'], '?')+1) :
>             ( isset($_SERVER['REDIRECT_QUERY_STRING_UNESCAPED']) ?
>                 stripslashes($_SERVER['REDIRECT_QUERY_STRING_UNESCAPED']) :
>                 stripslashes($_SERVER['QUERY_STRING_UNESCAPED']) );
>         return magic_strip($ret_string);
>     }
>     $ret_string = ($REQUEST_URI AND strpos($REQUEST_URI, '?')) ?
>         substr($REQUEST_URI, strpos($REQUEST_URI, '?')+1) :
>         ( isset($REDIRECT_QUERY_STRING_UNESCAPED) ?
>             stripslashes($REDIRECT_QUERY_STRING_UNESCAPED) :
>             stripslashes($QUERY_STRING_UNESCAPED) );
>     // get off magic quotes
>     return magic_strip($ret_string);
> }
>
> I guess there are other places where I should look - especially in the admin -
> but this seems to make views work
>
> mimo
>
> _______________________________________________
> Apc-aa-coders mailing list
> Apc...@li...
> https://lists.sourceforge.net/lists/listinfo/apc-aa-coders
>
--
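
An added example, not code from this thread or from the project: a stand-alone PHP version of the lookup order discussed above, run on constructed inputs to show why the code comment prefers REQUEST_URI over the SSI variable. The function name query_string_from_server, the /page.shtml path and the sample values are assumptions, and magic_strip() is left out because its definition is not shown in the thread.

```php
<?php
// Added example: hypothetical helper, not the project's own function.
// It takes the server array as a parameter so it can be run from the CLI
// with constructed data instead of a live $_SERVER.
function query_string_from_server(array $server): string
{
    // Prefer REQUEST_URI: it still carries the client's original %-encoding,
    // so an encoded '&' inside a value (%26) is not confused with a separator.
    if (isset($server['REQUEST_URI'])) {
        $pos = strpos($server['REQUEST_URI'], '?');
        if ($pos !== false) {
            return (string) substr($server['REQUEST_URI'], $pos + 1);
        }
    }
    // Fallback: SSI variables, which are already %-decoded and have
    // special characters backslash-escaped by the web server.
    foreach (['REDIRECT_QUERY_STRING_UNESCAPED', 'QUERY_STRING_UNESCAPED'] as $key) {
        if (isset($server[$key])) {
            return stripslashes($server[$key]);
        }
    }
    return '';
}

// Constructed sample inputs, both standing for the request
// /page.shtml?param=a%26a&second=2
$samples = [
    'REQUEST_URI'  => ['REQUEST_URI' => '/page.shtml?param=a%26a&second=2'],
    'SSI fallback' => ['QUERY_STRING_UNESCAPED' => 'param=a\&a\&second=2'],
];

foreach ($samples as $label => $server) {
    $qs = query_string_from_server($server);
    parse_str($qs, $params);   // split into name => value pairs
    echo $label, ': ', $qs, "\n";
    var_export($params);
    echo "\n\n";
}
```

With the REQUEST_URI input, parse_str() yields two parameters and the value of param keeps its '&'. With the SSI fallback the '&' inside the value has already been decoded, so the same request splits into three parameters and the value is truncated.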