I am working on an open source ecommerce script that requires register_globals to be enabled. I am aware of the security risks involved with using this function and really want to work around it.
I haven’t been around for a couple of years so I am lost as to where to begin. I am looking for some information relating to register_globals and specifically what uses it? For instance
// set the session ID if it exists
if (isset($HTTP_POST_VARS[tep_session_name()])) {
tep_session_id($HTTP_POST_VARS[tep_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
tep_session_id($HTTP_GET_VARS[tep_session_name()]);
}
Is $HTTP_GET_VARS an example of using register_globals?
Thanks in advance!