From f10f09a279c6d8bffc40a147d60efdc0a3ed9fd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20G=C5=82=C4=99bocki?= Date: Mon, 30 Sep 2019 22:02:24 +0200 Subject: [PATCH] Update 10-06-01-Register-Globals.md --- _posts/10-06-01-Register-Globals.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_posts/10-06-01-Register-Globals.md b/_posts/10-06-01-Register-Globals.md index 3b4183d..7ae5394 100644 --- a/_posts/10-06-01-Register-Globals.md +++ b/_posts/10-06-01-Register-Globals.md @@ -8,11 +8,12 @@ anchor: register_globals **NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no longer be used. This is only included as a warning for anyone in the process of upgrading a legacy application. -When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from +When enabled, the `register_globals` configuration setting makes several types of variables (including ones from `$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from. -For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared. +For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have been declared. + If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__. * [Register_globals in the PHP manual](https://secure.php.net/security.globals)
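Review bot: In the `For example:` line, dropping "not" reverses the meaning of the sentence and makes it less accurate. `register_globals` populates the global scope from the request before the script runs, so a variable the script always assigns before use ends up with the script's value. The exposure is in variables that are read without being initialized first. Suggest keeping the original sense with clearer wording, for example `which can set variables that your code uses without initializing them`. The grammar fix in the first changed line (removing the stray "that") looks good, as does the added blank line before the `If you are using PHP < 5.4.0` paragraph.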