FATAL ERROR: register_globals is disabled in php.ini, please enable it!
- Thread starter vovadrap
- Start date
- Status
- Messages
- 18,169
- Reaction score
- 216
- Points
- 63
Not really. Register Globals is a massive security risk and as such it is disabled by default in some version of php (I wanna say as of 5.2). It's actually currently depreciated and is scheduled for removal in PHP V6 so it won't even be possible to enable it.
The main reason it's bad is it turns $_GET['blah'] into $blah. But it also would turn $_POST['blah'] into $blah, $_SESSION['blah'] into $blah, etc.
So I could do index.php?isvalid=1&isadmin=1 , and if you're checking $isvalid and $isadmin, I just logged myself in as a valid administrator.
In any case php.ini affects the entire server; as such it can't be enabled or it'll open some gaping security wounds. Most -good- applications that are remotely recent are programmed to assume it is off since it's not going to be around much longer anyways.
The main reason it's bad is it turns $_GET['blah'] into $blah. But it also would turn $_POST['blah'] into $blah, $_SESSION['blah'] into $blah, etc.
So I could do index.php?isvalid=1&isadmin=1 , and if you're checking $isvalid and $isadmin, I just logged myself in as a valid administrator.
In any case php.ini affects the entire server; as such it can't be enabled or it'll open some gaping security wounds. Most -good- applications that are remotely recent are programmed to assume it is off since it's not going to be around much longer anyways.
- Status