[Project_owners] Mozdev.org PHP 5 upgrade; update code for register_globals = off

Douglas E. Warner silfreed at silfreed.net
Thu Jan 10 11:17:34 PST 2008


Mozdev.org is looking to update its web server stack from Apache 1.3 and PHP 4 
to Apache 2.2 and PHP 5.  The main reason for doing this is to be running 
supported versions of software, as well as providing security and feature 
improvements.

One of the biggest changes that will come about with this change is that PHP's 
register_globals flag will be set to "off".  This will have wide impact on 
sites hosted at Mozdev and we would like to give users ample time to update 
their sites to accommodate the change.

If you aren't familiar with the register_globals setting, see here: 
http://php.net/register_globals

In most cases this simply requires wrapping variables you had declared from 
outside PHP (via GET or POST variables or cookies) inside the $_REQUEST 
superglobal.

Other variables that will be affected are anything from the environment, the 
HTTP request, cookies, or the web server, as well as the old superglobals 
names such as $HTTP_GET_VARS.

If you would like to test your site with as if it didn't have register_globals 
on, add this code to your local.conf file (preferably near the top):

<?php
if (ini_get('register_globals'))
{
        $__sgs = array('_ENV', '_GET', '_POST', '_COOKIE', '_SERVER');
        foreach ($__sgs as $__sg)
        {
                $__k = array_keys(${$__sg});
                foreach($__k as $__v)
                {
                        if (isset($$__v) && ${$__sg}[$__v] === $$__v)
                        {
                                unset($$__v);
                        } // end if superglobal var = local var
                } // end foreach superglobal key
        } // end foreach superglobal
} // end if register_globals
?>

Let us know if you have any questions; feel free to track the progress in this 
bug (15312):
https://www.mozdev.org/bugs/show_bug.cgi?id=15312

Right now we don't have a date in mind for when we would like to upgrade the 
software, but as PHP 4 is now EOL we are looking to do this sometime in the 
near future; probably still in 1Q/2008.

-Doug

-- 
Douglas E. Warner    <silfreed at silfreed.net>    Site Developer
Mozdev.org           http://www.mozdev.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.mozdev.org/pipermail/project_owners/attachments/20080110/464a2dd2/attachment-0001.bin 


More information about the Project_owners mailing list