register_globals on in PHP5 using htaccess
Question
this is my situation. in my hosting account i have several folders which each folder represents a website. in the directory root of my hosting the php5.ini has the register_globals off . on of them folders in order to work requires the register_globals on . i tried to add this line php_flag register_globals on in the .htaccess of this folder but without success. is there any method that makes this folder global on and all the others global off. (sorry for my english) thanks
1 answers
solution1
2 ACCPTED 2013-12-19 05:46:25
You can use extract() function to import global variant. For example:
extract($_GET);
extract($_COOKIE);
extract($_POST);
But it's DANGEROUS if your PHP variants can be controlled by use input.
For example, if you have following code to perform use login in auth.php :
$authorized = check_user($username, $password);
...
extract($_GET);
...
if($authorized)
echo "Welcome!admin."
else
echo "Please log in."
Just visit auth.php?authorized=1, then you can bypass the password validation. That's why PHP defaulty set register_globals off in later version.
I recommend upgrading you code to get rid of this problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.