"register_globals off" and "session side-effect"

on 16.01.2008 02:11:59 by kurdayon

Hi,

I set the register_globals off and am trying to get my code working under
the new conditions. I am stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp.lang.php/browse_thread/thread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Please+be+advised+that+the+session+extension+does+not+consider+global+variables+as+a+source+of+data#c3b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:18:56 by Daniel Ennis

Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and am trying to get my code working under
> the new conditions. I am stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/thread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Please+be+advised+that+the+session+extension+does+not+consider+global+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?

You're going to need to paste us some of the code. Kind of hard to tell
what it's not liking without seeing it.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:30:45 by thyb0

Kurda Yon wrote:
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll paste the classic
example for you to understand quickly:

...
if( isset($admin) ) {
..
}
...

Now: http://mysite.net/myscript.php?admin=1
Here we go.

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

-thib´

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:37:03 by Jerry Stuckle

Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and am trying to get my code working under
> the new conditions. I am stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/thread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Please+be+advised+that+the+session+extension+does+not+consider+global+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?
>

Are you using session_register() or similar functions in your code?

As Daniel said - code would help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:48:11 by kurdayon

On Jan 15, 8:30 pm, thib´ wrote:
> Kurda Yon wrote:
> > But I am not sure that I correctly understand the suggested solution
> > of the problem. I should replace all global variables which I care
> > about by "normal variables"? I.e. $varname = global-array[$varname].
> > Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll paste the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=1
> Here we go.
>
Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?


> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global = $_SESSION['unregistered_global'];
>
I think I have some problems with the terminology. The above example I
would describe as follows. We have assigned to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:50:20 by kurdayon

>
> Are you using session_register() or similar functions in your code?
>
Yes I use the "session_register()". I do not know which part of the
code I should send. It is huge and I have no idea where the problem
starts.

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:52:52 by Jerry Stuckle

thib´ wrote:
> Kurda Yon wrote:
>> But I am not sure that I correctly understand the suggested solution
>> of the problem. I should replace all global variables which I care
>> about by "normal variables"? I.e. $varname = global-array[$varname].
>> Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll paste the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..
> }
> ..
>
> Now: http://mysite.net/myscript.php?admin=1
> Here we go.
>
> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global = $_SESSION['unregistered_global'];
>
> -thib´
>

Yes, that's already been discussed. We've moved on. Please don't
confuse him more!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:53:56 by Jerry Stuckle

Kurda Yon wrote:
> On Jan 15, 8:30 pm, thib´ wrote:
>> Kurda Yon wrote:
>>> But I am not sure that I correctly understand the suggested solution
>>> of the problem. I should replace all global variables which I care
>>> about by "normal variables"? I.e. $varname = global-array[$varname].
>>> Why I cannot use the global variables directly?
>> Yes, the subject has been discussed here recently. I'll paste the classic
>> example for you to understand quickly:
>>
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>>
> Is $admin a global variable? I thought that it can be global only
> after "global $admin;"-line in the code. Am I wrong? Any variable
> which is given to the php-script via the address line will
> automatically become global (if register_global is "on")?
>
>
>> Thus, globals aren't registered automatically anymore, you have to do it
>> yourself: $registered_global = $_SESSION['unregistered_global'];
>>
> I think I have some problems with the terminology. The above example I
> would describe as follows. We have assigned to a "normal" variable
> ($registered_global), a value taken from a session variable
> ($_SESSION). But you replace "normal" by "global" and "assignment" by
> the "registration". Do you consider any "assignment" as the
> "registration" or only those "assignment" is a "registration" in which
> the value was taken from the $_SESSION?
>

No - register_globals has nothing to do with variables you specify as
global yourself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:54:01 by kurdayon

>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=1
> Here we go.

But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
...}
Now:http://mysite.net/myscript.php?admin=1

Or the idea is that the developer (programmer) will remember that $_GET
is something that is coming from the outside and will never relate the
access with the elements of $_GET?

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:54:41 by Jerry Stuckle

Kurda Yon wrote:
>> Are you using session_register() or similar functions in your code?
>>
> Yes I use the "session_register()". I do not know which part of the
> code I should send. It is huge and I have no idea where the problem
> starts.
>

Start by getting rid of deprecated functions such as session_register.
Just use the $_SESSION array.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: "register_globals off" and "session side-effect"

on 16.01.2008 02:59:19 by Jerry Stuckle

Kurda Yon wrote:
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>
> But even if the register_global is off the following can happen:
> if( isset($_GET['admin']) ) {
> ..}
> Now:http://mysite.net/myscript.php?admin=1
>
> Or the idea is that the developer (programmer) will remember that $_GET
> is something that is coming from the outside and will never relate the
> access with the elements of $_GET?
>

That is true. But $_GET['admin'] is set - not $admin. And the only way
the $_GET array gets populated is by the query string in the uri (unless
you set it yourself - which is a bad idea).

And you know that $_GET['admin'] is coming from the query string. With
register_globals on, $admin could have been set by the session, a
cookie, or get or post parameters. And you have no idea where it came from.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
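
The source ambiguity described in the last reply, as an added PHP example that is not part of any post in this thread: `is_admin_legacy()` emulates register_globals with `extract()`, while `is_admin_strict()` and `login()` use a `$_SESSION`-style array in place of `session_register()`. The function names, the `$verify` callback, the role rule and the sample request are all assumptions made for illustration.

```php
<?php
// Added illustration. All request/session arrays are constructed samples.

// Emulates register_globals=on: request and session keys all become plain
// variables, so the check below cannot tell which source set $admin.
function is_admin_legacy(array $get, array $post, array $cookie, array $session): bool
{
    // EXTR_SKIP keeps the four parameters themselves from being overwritten.
    extract(array_merge($get, $post, $cookie, $session), EXTR_SKIP);
    return isset($admin);
}

// register_globals=off style: read one named source, the server-side session.
function is_admin_strict(array $session): bool
{
    return ($session['admin'] ?? false) === true;
}

// Replacement for session_register('admin'): write the $_SESSION-style array
// directly, and only after the server has verified the credentials.
// $verify is a hypothetical callback standing in for a real password check.
function login(array &$session, string $user, string $pass, callable $verify): void
{
    if ($verify($user, $pass)) {
        $session['user']  = $user;
        $session['admin'] = ($user === 'root');   // constructed role rule
    }
}

// Constructed request: /myscript.php?admin=1 with no login performed.
$get     = ['admin' => '1'];
$session = [];

var_dump(is_admin_legacy($get, [], [], $session)); // query string alone sets $admin
var_dump(is_admin_strict($session));               // session holds no 'admin' key

// Constructed credential check; a real one would use password_verify().
$verify = fn(string $u, string $p): bool => $u === 'root' && $p === 'correct horse';
login($session, 'root', 'correct horse', $verify);

var_dump(is_admin_strict($session));               // value written by login(), not the URL
var_dump(is_admin_strict(['admin' => '1']));       // request-style string is not accepted
```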