|
12-14-2003, 09:26 AM | #1 |
Green Mole
Join Date: Dec 2003
Location: Germany, BaWue
Posts: 6
|
phpdigHttpVars - register_globals
What is phpdigHttpVars exactly doing?
Am I right, that it is circumventing the deactivation of register_globals? This is index.php: PHP Code:
__________________
Linux - where do you want to go tomorrow? Last edited by chris2000; 12-14-2003 at 09:31 AM. |
12-14-2003, 04:05 PM | #2 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
PHP Code:
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
12-15-2003, 02:47 AM | #3 | |
Green Mole
Join Date: Dec 2003
Location: Germany, BaWue
Posts: 6
|
Quote:
I'll go on reading the code, and if I've further questions, I'll ask here again .
__________________
Linux - where do you want to go tomorrow? |
|
12-15-2003, 08:55 AM | #4 | |
Green Mole
Join Date: Dec 2003
Location: Germany, BaWue
Posts: 6
|
Quote:
__________________
Linux - where do you want to go tomorrow? |
|
12-16-2003, 08:25 AM | #5 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. When I test your code using ...search.php?test=test I receive the following output.
in the beginning: test after phpdigHttpVars - test: test
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
12-16-2003, 11:28 AM | #6 |
Green Mole
Join Date: Dec 2003
Location: Germany, BaWue
Posts: 6
|
Hi charter,
okay, then you have register_globals enabled. I have disabled it on my computer. I've also accessed index.php?test=test. Then the output-line in the beginning of the script is empty (that's okay, because register_globals is disabled). BUT the second line is "after phpdigHttpVars - test: test". Why that? Although $test isn't part of the array it's made global. That's what I didn't understand. Sorry, my comments in the code in my first posting were imprecise. I want to read the rest of the code of the search itself (the admin and spidering is not so interesting), but the search should also work with disabled register_globals. I think that's better for security-reasons. (Okay, maybe I'm a bit paranoid ). Bye, Chris
__________________
Linux - where do you want to go tomorrow? |
12-16-2003, 11:47 AM | #7 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. It's because of the following code found in the phpdigHttpVars function.
PHP Code:
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
12-16-2003, 12:37 PM | #8 |
Green Mole
Join Date: Dec 2003
Location: Germany, BaWue
Posts: 6
|
Thank's a lot. I understood.
|
Thread Tools | |
|
|