the web server not from the administration server. Use the command
line as root user and start it manually - you will see there are no
CGI-like environment variables.
-
- Simply change your scripts to get CGI variables in the correct way for
- PHP 4.x by using the superglobal $_SERVER. If you have older scripts
- which use $HTTP_HOST, etc., you should turn on register_globals in
- php.ini and change the variable order too (important: remove "E" from
- it, because you do not need the environment here):
-variables_order = "GPCS"
-register_globals = On
__________________________________________________________________
Special use for error pages or self-made directory listings (PHP >= 4.3.3)
; Boolean values can be set to either:
; true, on, yes
; or false, off, no, none
-register_globals = off
+html_errors = off
track_errors = yes
; you can enclose strings in double-quotes
time are allocated in a single copy and never changed. (Dmitry)
- Added an optimization which saves memory and emalloc/efree calls for empty
HashTables (Stas, Dmitry)
+
- Added Tokyo Cabinet abstract DB support to ext/dba. (Michael Maclean)
- Added Jenkins's one-at-a-time hash support to ext/hash. (Martin Jansen)
- Added FNV-1 hash support to ext/hash. (Michael Maclean)
- Removed legacy features: (Kalle)
. define_syslog_variables ini option and its associated function.
+ . register_globals.
. register_long_arrays ini option.
. y2k_compliance ini option.
original raw user data and adds a my_get_raw() function while the normal
$_POST, $_GET and $_COOKIE arrays are only populated with stripped
data. In this simple example all I am doing is calling strip_tags() on
-the data. If register_globals is turned on, the default globals that
-are created will be stripped ($foo) while a $RAW_foo is created with the
-original user input.
+the data.
ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
zval *post_array;
int var_len;
zval **tmp;
zval *array_ptr = NULL;
- HashTable *hash_ptr;
- char *raw_var;
if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
return;
break;
}
- if(!array_ptr) RETURN_FALSE;
-
- /*
- * I'm changing the variable name here because when running with register_globals on,
- * the variable will end up in the global symbol table
- */
- raw_var = emalloc(var_len+5); /* RAW_ and a \0 */
- strcpy(raw_var, "RAW_");
- strlcat(raw_var,var,var_len+5);
- hash_ptr = HASH_OF(array_ptr);
+ if(!array_ptr) {
+ RETURN_FALSE;
+ }
- if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) {
+ if(zend_hash_find(HASH_OF(array_ptr), var, var_len+5, (void **)&tmp) == SUCCESS) {
*return_value = **tmp;
zval_copy_ctor(return_value);
} else {
RETVAL_FALSE;
}
- efree(raw_var);
}
--SKIPIF--
<?php include(dirname(__FILE__).'/../../ext/session/tests/skipif.inc'); ?>
--INI--
-register_globals=1
session.auto_start=0
session.save_handler=files
--FILE--
<?php
-$x = "1\n";
session_start();
-echo $x;
-session_register('x');
-$_SESSION['x'] = "2\n";
-echo $x;
+$_SESSION['x'] = "1\n";
+echo $_SESSION['x'];
+
session_unset();
-echo $x;
+echo $_SESSION['x'];
echo "ok\n";
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP %d.%d and greater in Unknown on line 0
1
-Deprecated: Function session_register() is deprecated in %s on line %d
-2
-
-Notice: Undefined variable: x in %sunset_cv06.php on line %d
+Notice: Undefined index: x in %sunset_cv06.php on line %d
ok
orig_var = estrdup(var);
/* Store the RAW variable internally */
- /* FIXME: Should not use php_register_variable_ex as that also registers
- * globals when register_globals is turned on */
Z_STRLEN(raw_var) = val_len;
Z_STRVAL(raw_var) = estrndup(*val, val_len);
Z_TYPE(raw_var) = IS_STRING;
if (val_len) {
/* Register mangled variable */
- /* FIXME: Should not use php_register_variable_ex as that also registers
- * globals when register_globals is turned on */
Z_STRLEN(new_var) = val_len;
Z_TYPE(new_var) = IS_STRING;
{
zval *array_ptr = NULL;
- zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals));
switch (arg) {
case PARSE_GET:
array_ptr = IF_G(cookie_array);
break;
case PARSE_SERVER:
- if (jit_initialization) {
+ if (PG(auto_globals_jit)) {
zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
}
array_ptr = IF_G(server_array);
break;
case PARSE_ENV:
- if (jit_initialization) {
+ if (PG(auto_globals_jit)) {
zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
}
array_ptr = IF_G(env_array);
info.data_type = arg;
info.separator = separator;
- info.force_register_globals = 0;
info.report_errors = 0;
info.to_encoding = MBSTRG(internal_encoding);
info.to_language = MBSTRG(language);
mbfl_string_init_set(&resvar, info->to_language, info->to_encoding);
mbfl_string_init_set(&resval, info->to_language, info->to_encoding);
- /* register_globals stuff
- * XXX: this feature is going to be deprecated? */
-
- if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
- zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- }
-
if (!res || *res == '\0') {
goto out;
}
}
out:
- /* register_global stuff */
- if (info->force_register_globals && !prev_rg_state) {
- zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- }
-
if (convd != NULL) {
MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
info.data_type = PARSE_POST;
info.separator = "&";
- info.force_register_globals = 0;
info.report_errors = 0;
info.to_encoding = MBSTRG(internal_encoding);
info.to_language = MBSTRG(language);
typedef struct _php_mb_encoding_handler_info_t {
int data_type;
const char *separator;
- unsigned int force_register_globals: 1;
unsigned int report_errors: 1;
enum mbfl_no_language to_language;
enum mbfl_no_encoding to_encoding;
info.data_type = PARSE_STRING;
info.separator = PG(arg_separator).input;
- info.force_register_globals = (track_vars_array == NULL);
info.report_errors = 1;
info.to_encoding = MBSTRG(current_internal_encoding);
info.to_language = MBSTRG(language);
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--INI--
arg_separator.input=&
-register_globals=0
--FILE--
<?php
$queries = array(
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--INI--
arg_separator.input=&#
-register_globals=0
--FILE--
<?php
$queries = array(
return;
}
- /* Set up a proper reference between $_SESSION["x"] and $x. */
+ if (sym_track == NULL) {
+ zval *empty_var;
- if (PG(register_globals)) {
- zval **sym_global = NULL;
-
- if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
- if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
- return;
- }
- }
-
- if (sym_global == NULL && sym_track == NULL) {
- zval *empty_var;
-
- ALLOC_INIT_ZVAL(empty_var); /* this sets refcount to 1 */
- Z_SET_REFCOUNT_P(empty_var, 0); /* our module does not maintain a ref */
- /* The next call will increase refcount by NR_OF_SYM_TABLES==2 */
- zend_set_hash_symbol(empty_var, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
- } else if (sym_global == NULL) {
- SEPARATE_ZVAL_IF_NOT_REF(sym_track);
- zend_set_hash_symbol(*sym_track, name, namelen, 1, 1, &EG(symbol_table));
- } else if (sym_track == NULL) {
- SEPARATE_ZVAL_IF_NOT_REF(sym_global);
- zend_set_hash_symbol(*sym_global, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
- }
- } else {
- if (sym_track == NULL) {
- zval *empty_var;
-
- ALLOC_INIT_ZVAL(empty_var);
- ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
- }
+ ALLOC_INIT_ZVAL(empty_var);
+ ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
}
}
/* }}} */
PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) /* {{{ */
{
- if (PG(register_globals)) {
- zval **old_symbol;
- if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
- if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
- return;
- }
-
- /* A global symbol with the same name exists already. That
- * symbol might have been created by other means (e.g. $_GET).
- *
- * hash_update in zend_set_hash_symbol is not good, because
- * it will leave referenced variables (such as local instances
- * of a global variable) dangling.
- *
- * BTW: if you use register_globals references between
- * session-vars won't work because of this very reason! */
-
- REPLACE_ZVAL_VALUE(old_symbol,state_val,1);
-
- /* The following line will update the reference table used for
- * unserialization. It is optional, because some storage
- * formats may not be able to represent references. */
-
- if (var_hash) {
- PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
- }
-
- zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
- } else {
- zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
- }
- } else IF_SESSION_VARS() {
+ IF_SESSION_VARS() {
zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars)));
}
}
IF_SESSION_VARS() {
ret = zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, (void **) state_var);
-
- /* If register_globals is enabled, and
- * if there is an entry for the slot in $_SESSION, and
- * if that entry is still set to NULL, and
- * if the global var exists, then
- * we prefer the same key in the global sym table. */
-
- if (PG(register_globals) && ret == SUCCESS && Z_TYPE_PP(*state_var) == IS_NULL) {
- zval **tmp;
-
- if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
- *state_var = tmp;
- }
- }
}
return ret;
}
int ret = FAILURE;
IF_SESSION_VARS() {
- if (PS(bug_compat) && !PG(register_globals)) {
+ if (PS(bug_compat)) {
HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
HashPosition pos;
zval **val;
}
if (do_warn && PS(bug_compat_warn)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
}
}
SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
ht = Z_ARRVAL_P(PS(http_session_vars));
- if (PG(register_globals)) {
- uint str_len;
- char *str;
- ulong num_key;
- HashPosition pos;
-
- zend_hash_internal_pointer_reset_ex(ht, &pos);
-
- while (zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING) {
- zend_delete_global_variable(str, str_len - 1 TSRMLS_CC);
- zend_hash_move_forward_ex(ht, &pos);
- }
- }
-
/* Clean $_SESSION. */
zend_hash_clean(ht);
}
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
$arr[3] = new foo;
$arr[3]->method();
-session_register("baz");
-session_register("arr");
+session_start();
+
+$_SESSION["baz"] = $baz;
+$_SESSION["arr"] = $arr;
print session_encode()."\n";
session_destroy();
---EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
-
-Deprecated: Function session_register() is deprecated in %s on line %d
-
-Deprecated: Function session_register() is deprecated in %s on line %d
+--EXPECT--
baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";s:4:"done";}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";s:4:"done";}}
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
session_start();
session_decode('baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:1;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:1;}}');
-$baz->method();
-$arr[3]->method();
+$_SESSION["baz"]->method();
+$_SESSION["arr"][3]->method();
-var_dump($baz);
-var_dump($arr);
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
session_destroy();
--EXPECT--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
object(foo)#1 (2) {
["bar"]=>
string(2) "ok"
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.name=PHPSESSID
session.serialize_handler=php
--FILE--
session_id("abtest");
session_start();
-$baz->method();
-$arr[3]->method();
+$_SESSION["baz"]->method();
+$_SESSION["arr"][3]->method();
-var_dump($baz);
-var_dump($arr);
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
-var_dump($baz);
-var_dump($arr);
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
session_destroy();
?>
--EXPECT--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
OPEN: PHPSESSID
READ: abtest
object(foo)#2 (2) {
WRITE: abtest, baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:2;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:2;}}
OPEN: PHPSESSID
READ: abtest
-object(foo)#4 (2) {
+object(foo)#3 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.name=PHPSESSID
session.serialize_handler=php
--FILE--
session_id("abtest");
session_start();
-$baz->method();
-$arr[3]->method();
+session_decode($hnd->data);
-var_dump($baz);
-var_dump($arr);
+$_SESSION["baz"]->method();
+$_SESSION["arr"][3]->method();
+
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
-$baz->method();
-$arr[3]->method();
+$_SESSION["baz"]->method();
+$_SESSION["arr"][3]->method();
-$c = 123;
-session_register("c");
-var_dump($baz); var_dump($arr); var_dump($c);
+$_SESSION["c"] = 123;
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
+var_dump($_SESSION["c"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
-var_dump($baz); var_dump($arr); var_dump($c);
+var_dump($_SESSION["baz"]);
+var_dump($_SESSION["arr"]);
+var_dump($_SESSION["c"]);
session_destroy();
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
OPEN: PHPSESSID
READ: abtest
-object(foo)#2 (2) {
+object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
}
array(1) {
[3]=>
- object(foo)#3 (2) {
+ object(foo)#2 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
CLOSE
OPEN: PHPSESSID
READ: abtest
-
-Deprecated: Function session_register() is deprecated in %s on line %d
-object(foo)#4 (2) {
+object(foo)#2 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
}
array(1) {
[3]=>
- object(foo)#2 (2) {
+ object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
CLOSE
OPEN: PHPSESSID
READ: abtest
-object(foo)#3 (2) {
+object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
}
array(1) {
[3]=>
- object(foo)#4 (2) {
+ object(foo)#2 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
echo "original values:\n";
var_dump($a,$b);
-session_register("a");
-session_register("b");
+$_SESSION["a"] = $a;
+$_SESSION["b"] = $b;
session_write_close();
-session_unregister("a");
-session_unregister("b");
+unset($_SESSION["a"], $_SESSION["b"]);
session_start();
var_dump($a,$b);
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
original values:
object(a)#%d (1) {
["test"]=>
string(5) "hallo"
}
}
-
-Deprecated: Function session_register() is deprecated in %s on line %d
-
-Deprecated: Function session_register() is deprecated in %s on line %d
-
-Deprecated: Function session_unregister() is deprecated in %s on line %d
-
-Deprecated: Function session_unregister() is deprecated in %s on line %d
values after session:
object(a)#%d (1) {
["test"]=>
string(5) "hallo"
}
}
-
--TEST--
bug compatibility: unset($c) with enabled register_globals
--SKIPIF--
-<?php include('skipif.inc'); ?>
+<?php include('skipif.inc'); if (PHP_VERSION_ID < 503099) { echo 'requires register_globals'; } ?>
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.bug_compat_42=1
session.serialize_handler=php
session.save_handler=files
+++ /dev/null
---TEST--
-bug compatibility: global is used albeit register_globals=0
---SKIPIF--
-<?php include('skipif.inc');
- if (version_compare(PHP_VERSION,"4.2.3-dev", "<")) die("skip this is for PHP >= 4.2.3");
-?>
---INI--
-session.use_cookies=0
-session.cache_limiter=
-register_globals=0
-session.bug_compat_42=1
-session.bug_compat_warn=1
-track_errors=1
-log_errors=0
-html_errors=0
-display_errors=1
-error_reporting=2039;
-session.serialize_handler=php
-session.save_handler=files
-precision=14
---FILE--
-<?php
-session_id("abtest");
-
-### Phase 1 cleanup
-session_start();
-session_destroy();
-
-### Phase 2 $_SESSION["c"] does not contain any value
-session_id("abtest");
-session_register("c");
-var_dump($c);
-unset($c);
-$c = 3.14;
-@session_write_close(); // this generates an E_WARNING which will be printed
-// by $php_errormsg so we can use "@" here. ANY further message IS an error.
-echo $php_errormsg."\n";
-unset($_SESSION);
-unset($c);
-
-### Phase 3 $_SESSION["c"] is set
-session_start();
-var_dump($_SESSION);
-unset($c);
-$c = 2.78;
-
-session_write_close();
-unset($_SESSION);
-unset($c);
-
-### Phase 4 final
-
-session_start();
-var_dump($c);
-var_dump($_SESSION);
-
-session_destroy();
-?>
---EXPECTF--
-NULL
-session_write_close(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively
-array(1) {
- ["c"]=>
- float(3.14)
-}
-NULL
-array(1) {
- ["c"]=>
- float(3.14)
-}
-
--TEST--
-unset($_SESSION["name"]); should work with register_globals=off
+unset($_SESSION["name"]); test
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
--FILE--
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
--FILE--
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php
session_id("abtest");
session_start();
-session_register("_SESSION");
+$_SESSION["_SESSION"] = Array();
$_SESSION = "kk";
session_write_close();
print "I live\n";
?>
---EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
-
-Deprecated: Function session_register() is deprecated in %s on line %d
+--EXPECT--
I live
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php
print "I live\n";
?>
--EXPECT--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
I live
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
-session.use_trans_sid=1
+session.use_trans_sid=0
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.name=PHPSESSID
?>
<a href="/link">
<?php
-ini_set("session.use_trans_sid","0");
+ini_set("session.use_trans_sid","1");
?>
<a href="/link">
<?php
-ini_set("session.use_trans_sid","1");
+ini_set("session.use_trans_sid","0");
?>
<a href="/link">
<?php
session_destroy();
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
-<a href="/link?PHPSESSID=abtest">
+<a href="/link">
Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d
-<a href="/link?PHPSESSID=abtest">
+<a href="/link">
Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d
-<a href="/link?PHPSESSID=abtest">
+<a href="/link">
--INI--
session.use_cookies=0
session.cache_limiter=
-register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
session_start();
session_register('o1', 'o2' );
-$o1 = new TFoo(42);
-$o2 =& $o1;
+$_SESSION["o1"] = new TFoo(42);
+$_SESSION["o2"] =& $_SESSION["o1"];
session_write_close();
-unset($o1);
-unset($o2);
+unset($_SESSION["o1"]);
+unset($_SESSION["o2"]);
session_start();
var_dump($_SESSION);
-$o1->inc();
-$o2->inc();
+$_SESSION["o1"]->inc();
+$_SESSION["o2"]->inc();
var_dump($_SESSION);
session_destroy();
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
Deprecated: Function session_register() is deprecated in %s on line %d
array(2) {
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
-register_globals=0
html_errors=0
session.save_handler=files
--FILE--
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
-register_globals=0
html_errors=0
session.use_trans_sid=0
session.save_handler=files
add ini option for always soap_error_handler
provide user space overriding of serialization certin objects and types
serialization in general needs to be polished/finished... all xsd types
-make perstistant objects and work with or without register_globals on
look to see if php-soap will work with out always_populate_raw_post_data on
see if client will work with ssl.. should be eaiser with php_streams
work on soap seralizer (php serialization)
Francesco Fullone ff@ideato.it
#PHPTestFest Cesena Italia on 2009-06-20
--INI--
-register_globals=1
+safe_mode=1
--SKIPIF--
<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
--FILE--
<?php
echo "*** Test by calling method or function with deprecated option ***\n";
-var_dump(get_cfg_var( 'register_globals' ) );
+var_dump(get_cfg_var( 'safe_mode' ) );
?>
--EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in %s on line 0
+Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0
*** Test by calling method or function with deprecated option ***
string(1) "1"
a=1&b=heh&c=3&d[]=5&GLOBALS=test&1=hm
--POST--
ap=25&bp=test&cp=blah3&dp[]=ar
---INI--
-register_globals=0
--FILE--
<?php
STD_PHP_INI_ENTRY("output_buffering", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLong, output_buffering, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("output_handler", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("register_argc_argv", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("register_globals", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_globals, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("auto_globals_jit", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, auto_globals_jit, php_core_globals, core_globals)
#if PHP_SAFE_MODE
STD_PHP_INI_BOOLEAN("safe_mode", "1", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals)
module_initialized = 1;
/* Check for deprecated directives */
- /* NOTE: If you add anything here, remember to add it also in Makefile.global! */
+ /* NOTE: If you add anything here, remember to add it to Makefile.global! */
{
struct {
const long error_level;
const char *phrase;
- const char *directives[6]; /* Remember to change this if the number of directives change */
+ const char *directives[5]; /* Remember to change this if the number of directives change */
} directives[] = {
{
E_CORE_WARNING,
"Directive '%s' is deprecated in PHP 5.3 and greater",
{
- "register_globals",
"safe_mode",
"magic_quotes_gpc",
"magic_quotes_runtime",
"Directive '%s' is no longer available in PHP",
{
"define_syslog_variables",
+ "register_globals",
"register_long_arrays",
"zend.ze1_compatibility_mode",
NULL
zend_bool expose_php;
- zend_bool register_globals;
zend_bool register_argc_argv;
zend_bool auto_globals_jit;
if (track_vars_array) {
symtable1 = Z_ARRVAL_P(track_vars_array);
- } else if (PG(register_globals)) {
- if (!EG(active_symbol_table)) {
- zend_rebuild_symbol_table(TSRMLS_C);
- }
- symtable1 = EG(active_symbol_table);
}
+
if (!symtable1) {
/* Nothing to do */
zval_dtor(val);
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
zend_hash_del(ht, var, var_len + 1);
- } else if (PG(register_globals)) {
- ht = EG(active_symbol_table);
- zend_hash_del(ht, var, var_len + 1);
}
zval_dtor(val);
int count = 0;
char *ss, *space;
- if (!(PG(register_globals) || SG(request_info).argc || track_vars_array)) {
+ if (!(SG(request_info).argc || track_vars_array)) {
return;
}
}
Z_TYPE_P(argc) = IS_LONG;
- if (PG(register_globals) || SG(request_info).argc) {
+ if (SG(request_info).argc) {
Z_ADDREF_P(arr);
Z_ADDREF_P(argc);
zend_hash_update(&EG(symbol_table), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
ulong num_key;
HashPosition pos;
int key_type;
- int globals_check = (PG(register_globals) && (dest == (&EG(symbol_table))));
+ int globals_check = (dest == (&EG(symbol_table)));
zend_hash_internal_pointer_reset_ex(src, &pos);
while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
) {
Z_ADDREF_PP(src_entry);
if (key_type == HASH_KEY_IS_STRING) {
- /* if register_globals is on and working with main symbol table, prevent overwriting of GLOBALS */
if (!globals_check || string_key_len != sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
zend_hash_update(dest, string_key, string_key_len, src_entry, sizeof(zval *), NULL);
} else {
{
char *p;
unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0};
- zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals));
struct auto_global_record {
char *name;
uint name_len;
if (!_gpc_flags[0] && !SG(headers_sent) && SG(request_info).request_method && !strcasecmp(SG(request_info).request_method, "POST")) {
sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC); /* POST Data */
_gpc_flags[0] = 1;
- if (PG(register_globals)) {
- php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
- }
}
break;
case 'c':
if (!_gpc_flags[1]) {
sapi_module.treat_data(PARSE_COOKIE, NULL, NULL TSRMLS_CC); /* Cookie Data */
_gpc_flags[1] = 1;
- if (PG(register_globals)) {
- php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
- }
}
break;
case 'g':
if (!_gpc_flags[2]) {
sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC); /* GET Data */
_gpc_flags[2] = 1;
- if (PG(register_globals)) {
- php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
- }
}
break;
case 'e':
case 'E':
- if (!jit_initialization && !_gpc_flags[3]) {
+ if (!PG(auto_globals_jit) && !_gpc_flags[3]) {
zend_auto_global_disable_jit("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
php_auto_globals_create_env("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
_gpc_flags[3] = 1;
- if (PG(register_globals)) {
- php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
- }
}
break;
case 's':
case 'S':
- if (!jit_initialization && !_gpc_flags[4]) {
+ if (!PG(auto_globals_jit) && !_gpc_flags[4]) {
zend_auto_global_disable_jit("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
php_register_server_variables(TSRMLS_C);
_gpc_flags[4] = 1;
- if (PG(register_globals)) {
- php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);
- }
}
break;
}
}
for (i=0; i<num_track_vars; i++) {
- if (jit_initialization && auto_global_records[i].jit_initialization) {
+ if (PG(auto_globals_jit) && auto_global_records[i].jit_initialization) {
continue;
}
if (!PG(http_globals)[i]) {
}
/* Create _REQUEST */
- if (!jit_initialization) {
+ if (!PG(auto_globals_jit)) {
zend_auto_global_disable_jit("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
php_auto_globals_create_request("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
}
static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
{
- int register_globals = PG(register_globals);
-
- PG(register_globals) = 0;
safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC);
- PG(register_globals) = register_globals;
}
/* }}} */
static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
{
- int register_globals = PG(register_globals);
-
- PG(register_globals) = 0;
safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
- PG(register_globals) = register_globals;
}
/* }}} */
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
-; starts up. If the register_globals directive is enabled, it also determines
-; what order variables are populated into the global space. G,P,C,E & S are
-; abbreviations for the following respective super globals: GET, POST, COOKIE,
-; ENV and SERVER. There is a performance penalty paid for the registration of
-; these arrays and because ENV is not as commonly used as the others, ENV is
-; is not recommended on productions servers. You can still get access to
-; the environment variables through getenv() should you need to.
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+: paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/request-order
request_order = "GP"
-; Whether or not to register the EGPCS variables as global variables. You may
-; want to turn this off if you don't want to clutter your scripts' global scope
-; with user data.
-; You should do your best to write your scripts so that they do not require
-; register_globals to be on; Using form variables as globals can easily lead
-; to possible security problems, if the code is not very well thought of.
-; http://php.net/register-globals
-register_globals = Off
-
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; When enabled, the SERVER and ENV variables are created when they're first
; used (Just In Time) instead of when the script starts. If these variables
; are not used within a script, having this directive on will result in a
-; performance gain. The PHP directives register_globals and register_argc_argv
-; must be disabled for this directive to have any affect.
+; performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
; cd /path/to/sessions; find -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
-; to initialize a session variable in the global scope, even when register_globals
-; is disabled. PHP 4.3 and later will warn you, if this feature is used.
+; to initialize a session variable in the global scope.
+; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
-; starts up. If the register_globals directive is enabled, it also determines
-; what order variables are populated into the global space. G,P,C,E & S are
-; abbreviations for the following respective super globals: GET, POST, COOKIE,
-; ENV and SERVER. There is a performance penalty paid for the registration of
-; these arrays and because ENV is not as commonly used as the others, ENV is
-; is not recommended on productions servers. You can still get access to
-; the environment variables through getenv() should you need to.
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+: paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/request-order
request_order = "GP"
-; Whether or not to register the EGPCS variables as global variables. You may
-; want to turn this off if you don't want to clutter your scripts' global scope
-; with user data.
-; You should do your best to write your scripts so that they do not require
-; register_globals to be on; Using form variables as globals can easily lead
-; to possible security problems, if the code is not very well thought of.
-; http://php.net/register-globals
-register_globals = Off
-
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; When enabled, the SERVER and ENV variables are created when they're first
; used (Just In Time) instead of when the script starts. If these variables
; are not used within a script, having this directive on will result in a
-; performance gain. The PHP directives register_globals and register_argc_argv
-; must be disabled for this directive to have any affect.
+; performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
; cd /path/to/sessions; find -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
-; to initialize a session variable in the global scope, even when register_globals
-; is disabled. PHP 4.3 and later will warn you, if this feature is used.
+; to initialize a session variable in the global scope.
+; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's
/* If PATH_TRANSLATED doesn't exist, copy it from SCRIPT_FILENAME */
if (track_vars_array) {
symbol_table = track_vars_array->value.ht;
- } else if (PG(register_globals)) {
- /* should never happen nowadays */
- symbol_table = EG(active_symbol_table);
} else {
symbol_table = NULL;
}
/* If PATH_TRANSLATED doesn't exist, copy it from SCRIPT_FILENAME */
if (track_vars_array) {
symbol_table = track_vars_array->value.ht;
- } else if (PG(register_globals)) {
- /* should never happen nowadays */
- symbol_table = EG(active_symbol_table);
} else {
symbol_table = NULL;
}
return FAILURE;
}
- req = php_apache_request_new(r);
- if(PG(register_globals)) {
- php_register_variable_ex("request", req, NULL TSRMLS_CC);
- }
- else {
- php_register_variable_ex("request", req, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
- }
+ req = php_apache_request_new(r);
+ php_register_variable_ex("request", req, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
+
switch(handler->type) {
case AP_HANDLER_TYPE_FILE:
php_register_variable("PHP_SELF_HOOK", handler->name, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
* It does not change the working directory to that of the script.
(-C switch kept for compatibility)
* Plain text error message
-* $argc and $argv registered irrespective of register_globals
- and register_argc_argv php.ini settings.
+* $argc and $argv registered irrespective of the register_argc_argv
+ php.ini setting.
* implicit_flush always on
* -r option which allows execution of PHP code directly from
the command line (e.g. php -r 'echo md5("test");' )
ab+cd+ef+123+test
--FILE--
<?php
-
-if (!ini_get('register_globals')) {
- $argc = $_SERVER['argc'];
- $argv = $_SERVER['argv'];
-}
+$argc = $_SERVER['argc'];
+$argv = $_SERVER['argv'];
for ($i=0; $i<$argc; $i++) {
echo "$i: ".$argv[$i]."\n";
ab cd ef 123 test
--FILE--
<?php
-
-if (!ini_get('register_globals')) {
- $argc = $_SERVER['argc'];
- $argv = $_SERVER['argv'];
-}
+$argc = $_SERVER['argc'];
+$argv = $_SERVER['argv'];
for ($i=1; $i<$argc; $i++) {
echo ($i-1).": ".$argv[$i]."\n";
--INI--
magic_quotes_gpc=1
file_uploads=1
-register_globals=1
--POST_RAW--
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
-----------------------------20896060251896012921717172737
bool(true)
string(%d) "%s"
bool(true)
-Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
-Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0
--INI--
magic_quotes_gpc=1
file_uploads=1
-register_globals=1
display_errors=0
--POST_RAW--
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
the web server not from the administration server. Use the command
line as root user and start it manually - you will see there are no
CGI-like environment variables.
-
- Simply change your scripts to get CGI variables in the correct way for
- PHP 5.x by using the superglobal $_SERVER. If you have older scripts
- which use $HTTP_HOST, etc., you should turn on register_globals in
- php.ini and change the variable order too (important: remove "E" from
- it, because you do not need the environment here):
-variables_order = "GPCS"
-register_globals = On
__________________________________________________________________
Special use for error pages or self-made directory listings (PHP >= 4.3.3)
; Boolean values can be set to either:
; true, on, yes
; or false, off, no, none
-register_globals = off
+html_errors = off
track_errors = yes
; you can enclose strings in double-quotes
projects / php / commitdiff