"register_globals off" and "session side-effect"
"register_globals off" and "session side-effect"
am 16.01.2008 02:11:59 von kurdayon
Hi,
I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:
Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.
I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd
But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:18:56 von Daniel Ennis
Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and try to get my code working under
> the new conditions. I stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?
Your going to need to paste us some of the code. Kind of hard to tell
what its not liking without seeing it.
--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:30:45 von thyb0
Kurda Yon wrote:
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?
Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:
...
if( isset($admin) ) {
..
}
...
Now: http://mysite.net/myscript.php?admin=1
Here we go.
Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];
-thib´
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:37:03 von Jerry Stuckle
Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and try to get my code working under
> the new conditions. I stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?
>
Are you using session_register() or similar functions in your code?
As Daniel said - code would help.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:48:11 von kurdayon
On Jan 15, 8:30 pm, thib=B4
wrote:
> Kurda Yon wrote:
> > But I am not sure that I correctly understand the suggested solution
> > of the problem. I should replace all global variables which I care
> > about by "normal variables"? I.e. $varname =3D global-array[$varname].
> > Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll past the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=3D1
> Here we go.
>
Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?
> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global =3D $_SESSION['unregistered_global'];
>
I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:50:20 von kurdayon
>
> Are you using session_register() or similar functions in your code?
>
Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:52:52 von Jerry Stuckle
thib´ wrote:
> Kurda Yon wrote:
>> But I am not sure that I correctly understand the suggested solution
>> of the problem. I should replace all global variables which I care
>> about by "normal variables"? I.e. $varname = global-array[$varname].
>> Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll past the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..
> }
> ..
>
> Now: http://mysite.net/myscript.php?admin=1
> Here we go.
>
> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global = $_SESSION['unregistered_global'];
>
> -thib´
>
Yes, that's already been discussed. We've moved on. Please don't
confuse him more!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:53:56 von Jerry Stuckle
Kurda Yon wrote:
> On Jan 15, 8:30 pm, thib´
wrote:
>> Kurda Yon wrote:
>>> But I am not sure that I correctly understand the suggested solution
>>> of the problem. I should replace all global variables which I care
>>> about by "normal variables"? I.e. $varname = global-array[$varname].
>>> Why I cannot use the global variables directly?
>> Yes, the subject has been discussed here recently. I'll past the classic
>> example for you to understand quickly:
>>
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>>
> Is $admin a global variable? I thought that it can be global only
> after "global $admin;"-line in the code. Am I wrong? Any variable
> which is given to the php-script via the address line will
> automatically become global (if register_global is "on")?
>
>
>> Thus, globals aren't registered automatically anymore, you have to do it
>> yourself: $registered_global = $_SESSION['unregistered_global'];
>>
> I think I have some problems with the terminology. The above example I
> would describe as follow. We have assign to a "normal" variable
> ($registered_global), a value taken from a session variable
> ($_SESSION). But you replace "normal" by "global" and "assignment" by
> the "registration". Do you consider any "assignment" as the
> "registration" or only those "assignment" is a "registration" in which
> the value was taken from the $_SESSION?
>
No - register_globals has nothing to do with variables you specify as
global yourself.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:54:01 von kurdayon
>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=1
> Here we go.
But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
...}
Now:http://mysite.net/myscript.php?admin=1
Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:54:41 von Jerry Stuckle
Kurda Yon wrote:
>> Are you using session_register() or similar functions in your code?
>>
> Yes I use the "session_register()". I do not know which part of the
> code should I send. It is huge and I have no idea where the problem
> starts.
>
Start by getting rid of deprecated functions such as session_register.
Just use the $_SESSION array.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Re: "register_globals off" and "session side-effect"
am 16.01.2008 02:59:19 von Jerry Stuckle
Kurda Yon wrote:
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>
> But even if the register_global is off the following can happen:
> if( isset($_GET['admin']) ) {
> ..}
> Now:http://mysite.net/myscript.php?admin=1
>
> Or the ideas is that developer (programmer) will remember that $_GET
> is something what is coming from the outside and will never relate the
> access with the elements of $_GET?
>
That is true. But $_GET['admin'] is set - not $admin. And the only way
the $_GET array gets populated is by the query string in the uri (unless
you set it yourself - which is a bad idea).
And you know that $_GET['admin'] is coming from the query string. With
register_globals on, $admin could have been set by the session, a
cookie, or get or post parameters. And you have no idea where it came from.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================