Designing without register_globals

I am working on an open source ecommerce script that requires register_globals to be enabled. I am aware of the security risks involved with using this function and really want to work around it.

I haven’t been around for a couple of years so I am lost as to where to begin. I am looking for some information relating to register_globals and specifically what uses it? For instance:

// set the session ID if it exists
   if (isset($HTTP_POST_VARS[tep_session_name()])) {
     tep_session_id($HTTP_POST_VARS[tep_session_name()]);
   } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
     tep_session_id($HTTP_GET_VARS[tep_session_name()]);
   }

Is $HTTP_GET_VARS an example of using register_globals?

Thanks in advance!

You won’t need register_globals to be enabled if you’re going to use $HTTP_POST_VARS (or its successor: $_POST). Register_globals is not unsafe by default, but it requires the programmer(s) to be REALLY mindful of the risks involved and avoid them. Hence most PHP installations have it disabled.

To be quite honest with you, I can’t think of any reason one would want register_globals to be enabled, as using the superglobal arrays achieves you the very same thing without the unexpected behaviour that enabling register_globals might give.

Are you asking HOW to “Fix” the application so that you can set REGISTER_GLOBALS to OFF?

(It looks like you are using oscommerce and I know that requires them to be on.)

Are you asking HOW to "Fix" the application so that you can set REGISTER_GLOBALS to OFF?

I am asking how to fix the application. I am using a variation of oscommerce called Digistore. I am aware of it requiring register_globals to be enabled and that is why I want to fix whatever is needed so I can continue using my server with it disabled.

As I said I have not been coding for a couple years now so I have missed out on quite a bit of information.

To be quite honest with you, I can't think of any reason one would want register_globals to be enabled, as using the superglobal arrays achieves you the very same thing without the unexpected behaviour that enabling register_globals might give.

I am not wanting to use register_globals and what are superglobal arrays?

Thanks guys!

What your job basically comes down to is to refactor an existing script so it won’t require register_globals anymore. That’s quite noble, but can be very tricky. Please know what you’re doing while refactoring the code.

Superglobal variables are variables like $_GET, $_POST, $_SERVER, etc. They can be accessed from every script in every directory on your server.
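
An added example, not code from this thread or from osCommerce/Digistore: it contrasts code that relies on request keys becoming variables (what register_globals does) with refactored code that initialises its variables and reads only named, validated keys from a superglobal-style array. The `sid` and `is_admin` names, the sample requests and the session-ID pattern are assumptions made up for illustration, and `extract()` stands in for the ini setting so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Constructed sample request bodies (assumptions, not taken from the thread).
$sampleRequests = [
    'normal'   => ['sid' => 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6'],
    'polluted' => ['sid' => 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', 'is_admin' => '1'],
];

/**
 * Legacy style: every request key becomes a variable. extract() emulates
 * locally what register_globals = On did for the whole global scope.
 */
function legacy_is_admin(array $request): bool
{
    extract($request);
    // $is_admin is never initialised by the code, so the request decides it.
    return !empty($is_admin);
}

/**
 * Refactored style: variables are initialised by the code, and only named
 * keys are read from the request array (in the application: $_POST, the
 * successor of $HTTP_POST_VARS), each validated before use.
 */
function refactored_read(array $post): array
{
    $is_admin = false; // only server-side logic may change this
    $sid = null;
    // Assumed session-ID format: 22-128 chars from PHP's session ID alphabet.
    if (isset($post['sid']) && is_string($post['sid'])
        && preg_match('/\A[A-Za-z0-9,-]{22,128}\z/', $post['sid']) === 1) {
        $sid = $post['sid'];
    }
    return ['is_admin' => $is_admin, 'sid' => $sid];
}

foreach ($sampleRequests as $label => $request) {
    $new = refactored_read($request);
    printf(
        "%-8s legacy is_admin=%s | refactored is_admin=%s sid=%s\n",
        $label,
        var_export(legacy_is_admin($request), true),
        var_export($new['is_admin'], true),
        $new['sid'] ?? 'none'
    );
}
```

When refactoring, searching the code base for variables that are read before they are assigned is a practical way to find the places that depend on register_globals.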

Quite Noble indeed… And a huge task. I am familiar with oscommerce, and it’s not a “Simple Script” by any stretch of the imagination.

Have you checked with the folks over at oscommerce? http://forums.oscommerce.com/

They may better serve your question.
