info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-16 02:34:00 +02:00
Code Issues Projects Releases Wiki Activity

Update 10-06-01-Register-Globals.md

Browse Source
This commit is contained in:
Przemysław Głębocki
2019-09-30 22:02:24 +02:00
committed by GitHub
parent 3ebe678af0
commit f10f09a279
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
_posts/10-06-01-Register-Globals.md
View File

@@ -8,11 +8,12 @@ anchor: register_globals
**NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no longer be used. This is only **NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no longer be used. This is only
included as a warning for anyone in the process of upgrading a legacy application. included as a warning for anyone in the process of upgrading a legacy application.
When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from When enabled, the `register_globals` configuration setting makes several types of variables (including ones from
`$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to security `$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to security
issues as your application cannot effectively tell where the data is coming from. issues as your application cannot effectively tell where the data is coming from.
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared. For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have been declared.
If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__. If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
* [Register_globals in the PHP manual](https://secure.php.net/security.globals) * [Register_globals in the PHP manual](https://secure.php.net/security.globals)