archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Removed register_globals

Browse source
This commit is contained in:
Kalle Sommer Nielsen 2010-04-21 01:27:22 +00:00
parent bae9248602
commit febee11285
45 changed files with 138 additions and 463 deletions
Download patch file Download diff file Expand all files Collapse all files

10
INSTALL
View file

@ -716,14 +716,6 @@ CGI environment and recommended modifications in php.ini
the web server not from the administration server. Use the command
line as root user and start it manually - you will see there are no
CGI-like environment variables.
Simply change your scripts to get CGI variables in the correct way for
PHP 4.x by using the superglobal $_SERVER. If you have older scripts
which use $HTTP_HOST, etc., you should turn on register_globals in
php.ini and change the variable order too (important: remove "E" from
it, because you do not need the environment here):
variables_order = "GPCS"
register_globals = On
__________________________________________________________________
Special use for error pages or self-made directory listings (PHP >= 4.3.3)
@ -1532,7 +1524,7 @@ The configuration file
; Boolean values can be set to either:
; true, on, yes
; or false, off, no, none
register_globals = off
html_errors = off
track_errors = yes
; you can enclose strings in double-quotes

2
NEWS
View file

@ -12,6 +12,7 @@
time are allocated in a single copy and never changed. (Dmitry)
- Added an optimization which saves memory and emalloc/efree calls for empty
HashTables (Stas, Dmitry)
- Added Tokyo Cabinet abstract DB support to ext/dba. (Michael Maclean)
- Added Jenkins's one-at-a-time hash support to ext/hash. (Martin Jansen)
- Added FNV-1 hash support to ext/hash. (Michael Maclean)
@ -30,6 +31,7 @@
- Removed legacy features: (Kalle)
. define_syslog_variables ini option and its associated function.
. register_globals.
. register_long_arrays ini option.
. y2k_compliance ini option.

22
README.input_filter
View file

@ -19,9 +19,7 @@ A simple implementation might look like the following. This stores the
original raw user data and adds a my_get_raw() function while the normal
$_POST, $_GET and $_COOKIE arrays are only populated with stripped
data. In this simple example all I am doing is calling strip_tags() on
the data. If register_globals is turned on, the default globals that
are created will be stripped ($foo) while a $RAW_foo is created with the
original user input.
the data.
ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
zval *post_array;
@ -155,8 +153,6 @@ PHP_FUNCTION(my_get_raw)
int var_len;
zval **tmp;
zval *array_ptr = NULL;
HashTable *hash_ptr;
char *raw_var;
if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
return;
@ -174,23 +170,15 @@ PHP_FUNCTION(my_get_raw)
break;
}
if(!array_ptr) RETURN_FALSE;
if(!array_ptr) {
RETURN_FALSE;
}
/*
* I'm changing the variable name here because when running with register_globals on,
* the variable will end up in the global symbol table
*/
raw_var = emalloc(var_len+5); /* RAW_ and a \0 */
strcpy(raw_var, "RAW_");
strlcat(raw_var,var,var_len+5);
hash_ptr = HASH_OF(array_ptr);
if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) {
if(zend_hash_find(HASH_OF(array_ptr), var, var_len+5, (void **)&tmp) == SUCCESS) {
*return_value = **tmp;
zval_copy_ctor(return_value);
} else {
RETVAL_FALSE;
}
efree(raw_var);
}

17
Zend/tests/unset_cv06.phpt
View file

@ -3,27 +3,20 @@ unset() CV 6 (indirect unset() of global variable in session_unset())
--SKIPIF--
<?php include(dirname(__FILE__).'/../../ext/session/tests/skipif.inc'); ?>
--INI--
register_globals=1
session.auto_start=0
session.save_handler=files
--FILE--
<?php
$x = "1\n";
session_start();
echo $x;
session_register('x');
$_SESSION['x'] = "2\n";
echo $x;
$_SESSION['x'] = "1\n";
echo $_SESSION['x'];
session_unset();
echo $x;
echo $_SESSION['x'];
echo "ok\n";
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP %d.%d and greater in Unknown on line 0
1
Deprecated: Function session_register() is deprecated in %s on line %d
2
Notice: Undefined variable: x in %sunset_cv06.php on line %d
Notice: Undefined index: x in %sunset_cv06.php on line %d
ok

9
ext/filter/filter.c
View file

@ -450,8 +450,6 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int
orig_var = estrdup(var);
/* Store the RAW variable internally */
/* FIXME: Should not use php_register_variable_ex as that also registers
* globals when register_globals is turned on */
Z_STRLEN(raw_var) = val_len;
Z_STRVAL(raw_var) = estrndup(*val, val_len);
Z_TYPE(raw_var) = IS_STRING;
@ -461,8 +459,6 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int
if (val_len) {
/* Register mangled variable */
/* FIXME: Should not use php_register_variable_ex as that also registers
* globals when register_globals is turned on */
Z_STRLEN(new_var) = val_len;
Z_TYPE(new_var) = IS_STRING;
@ -537,7 +533,6 @@ static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
{
zval *array_ptr = NULL;
zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals));
switch (arg) {
case PARSE_GET:
@ -550,13 +545,13 @@ static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
array_ptr = IF_G(cookie_array);
break;
case PARSE_SERVER:
if (jit_initialization) {
if (PG(auto_globals_jit)) {
zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
}
array_ptr = IF_G(server_array);
break;
case PARSE_ENV:
if (jit_initialization) {
if (PG(auto_globals_jit)) {
zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
}
array_ptr = IF_G(env_array);

14
ext/mbstring/mb_gpc.c
View file

@ -151,7 +151,6 @@ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
info.data_type = arg;
info.separator = separator;
info.force_register_globals = 0;
info.report_errors = 0;
info.to_encoding = MBSTRG(internal_encoding);
info.to_language = MBSTRG(language);
@ -210,13 +209,6 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
mbfl_string_init_set(&resvar, info->to_language, info->to_encoding);
mbfl_string_init_set(&resval, info->to_language, info->to_encoding);
/* register_globals stuff
* XXX: this feature is going to be deprecated? */
if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
}
if (!res || *res == '\0') {
goto out;
}
@ -346,11 +338,6 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
}
out:
/* register_global stuff */
if (info->force_register_globals && !prev_rg_state) {
zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
}
if (convd != NULL) {
MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
@ -376,7 +363,6 @@ SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
info.data_type = PARSE_POST;
info.separator = "&";
info.force_register_globals = 0;
info.report_errors = 0;
info.to_encoding = MBSTRG(internal_encoding);
info.to_language = MBSTRG(language);

1
ext/mbstring/mb_gpc.h
View file

@ -32,7 +32,6 @@
typedef struct _php_mb_encoding_handler_info_t {
int data_type;
const char *separator;
unsigned int force_register_globals: 1;
unsigned int report_errors: 1;
enum mbfl_no_language to_language;
enum mbfl_no_encoding to_encoding;

1
ext/mbstring/mbstring.c
View file

@ -1896,7 +1896,6 @@ PHP_FUNCTION(mb_parse_str)
info.data_type = PARSE_STRING;
info.separator = PG(arg_separator).input;
info.force_register_globals = (track_vars_array == NULL);
info.report_errors = 1;
info.to_encoding = MBSTRG(current_internal_encoding);
info.to_language = MBSTRG(language);

1
ext/mbstring/tests/mb_parse_str.phpt
View file

@ -4,7 +4,6 @@ mb_parse_str()
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--INI--
arg_separator.input=&
register_globals=0
--FILE--
<?php
$queries = array(

1
ext/mbstring/tests/mb_parse_str02.phpt
View file

@ -4,7 +4,6 @@ mb_parse_str() test 2
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--INI--
arg_separator.input=&#
register_globals=0
--FILE--
<?php
$queries = array(

100
ext/session/session.c
View file

@ -131,76 +131,18 @@ PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) /* {{{ */
return;
}
/* Set up a proper reference between $_SESSION["x"] and $x. */
if (sym_track == NULL) {
zval *empty_var;
if (PG(register_globals)) {
zval **sym_global = NULL;
if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
return;
}
}
if (sym_global == NULL && sym_track == NULL) {
zval *empty_var;
ALLOC_INIT_ZVAL(empty_var); /* this sets refcount to 1 */
Z_SET_REFCOUNT_P(empty_var, 0); /* our module does not maintain a ref */
/* The next call will increase refcount by NR_OF_SYM_TABLES==2 */
zend_set_hash_symbol(empty_var, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
} else if (sym_global == NULL) {
SEPARATE_ZVAL_IF_NOT_REF(sym_track);
zend_set_hash_symbol(*sym_track, name, namelen, 1, 1, &EG(symbol_table));
} else if (sym_track == NULL) {
SEPARATE_ZVAL_IF_NOT_REF(sym_global);
zend_set_hash_symbol(*sym_global, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
}
} else {
if (sym_track == NULL) {
zval *empty_var;
ALLOC_INIT_ZVAL(empty_var);
ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
}
ALLOC_INIT_ZVAL(empty_var);
ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
}
}
/* }}} */
PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) /* {{{ */
{
if (PG(register_globals)) {
zval **old_symbol;
if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
return;
}
/* A global symbol with the same name exists already. That
* symbol might have been created by other means (e.g. $_GET).
*
* hash_update in zend_set_hash_symbol is not good, because
* it will leave referenced variables (such as local instances
* of a global variable) dangling.
*
* BTW: if you use register_globals references between
* session-vars won't work because of this very reason! */
REPLACE_ZVAL_VALUE(old_symbol,state_val,1);
/* The following line will update the reference table used for
* unserialization. It is optional, because some storage
* formats may not be able to represent references. */
if (var_hash) {
PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
}
zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
} else {
zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
}
} else IF_SESSION_VARS() {
IF_SESSION_VARS() {
zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars)));
}
}
@ -212,20 +154,6 @@ PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSR
IF_SESSION_VARS() {
ret = zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, (void **) state_var);
/* If register_globals is enabled, and
* if there is an entry for the slot in $_SESSION, and
* if that entry is still set to NULL, and
* if the global var exists, then
* we prefer the same key in the global sym table. */
if (PG(register_globals) && ret == SUCCESS && Z_TYPE_PP(*state_var) == IS_NULL) {
zval **tmp;
if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
*state_var = tmp;
}
}
}
return ret;
}
@ -546,7 +474,7 @@ static void php_session_save_current_state(TSRMLS_D) /* {{{ */
int ret = FAILURE;
IF_SESSION_VARS() {
if (PS(bug_compat) && !PG(register_globals)) {
if (PS(bug_compat)) {
HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
HashPosition pos;
zval **val;
@ -564,7 +492,7 @@ static void php_session_save_current_state(TSRMLS_D) /* {{{ */
}
if (do_warn && PS(bug_compat_warn)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
}
}
@ -1895,20 +1823,6 @@ static PHP_FUNCTION(session_unset)
SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
ht = Z_ARRVAL_P(PS(http_session_vars));
if (PG(register_globals)) {
uint str_len;
char *str;
ulong num_key;
HashPosition pos;
zend_hash_internal_pointer_reset_ex(ht, &pos);
while (zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING) {
zend_delete_global_variable(str, str_len - 1 TSRMLS_CC);
zend_hash_move_forward_ex(ht, &pos);
}
}
/* Clean $_SESSION. */
zend_hash_clean(ht);
}

14
ext/session/tests/001.phpt
View file

@ -5,7 +5,6 @@ session object serialization
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
@ -24,17 +23,14 @@ $baz->method();
$arr[3] = new foo;
$arr[3]->method();
session_register("baz");
session_register("arr");
session_start();
$_SESSION["baz"] = $baz;
$_SESSION["arr"] = $arr;
print session_encode()."\n";
session_destroy();
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
Deprecated: Function session_register() is deprecated in %s on line %d
Deprecated: Function session_register() is deprecated in %s on line %d
--EXPECT--
baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";s:4:"done";}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";s:4:"done";}}

10
ext/session/tests/003.phpt
View file

@ -5,7 +5,6 @@ session object deserialization
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
@ -21,14 +20,13 @@ session_id("abtest");
session_start();
session_decode('baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:1;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:1;}}');
$baz->method();
$arr[3]->method();
$_SESSION["baz"]->method();
$_SESSION["arr"][3]->method();
var_dump($baz);
var_dump($arr);
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
session_destroy();
--EXPECT--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
object(foo)#1 (2) {
["bar"]=>
string(2) "ok"

16
ext/session/tests/004.phpt
View file

@ -5,7 +5,6 @@ session_set_save_handler test
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.name=PHPSESSID
session.serialize_handler=php
--FILE--
@ -56,24 +55,23 @@ session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd,
session_id("abtest");
session_start();
$baz->method();
$arr[3]->method();
$_SESSION["baz"]->method();
$_SESSION["arr"][3]->method();
var_dump($baz);
var_dump($arr);
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
var_dump($baz);
var_dump($arr);
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
session_destroy();
?>
--EXPECT--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
OPEN: PHPSESSID
READ: abtest
object(foo)#2 (2) {
@ -94,7 +92,7 @@ array(1) {
WRITE: abtest, baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:2;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:2;}}
OPEN: PHPSESSID
READ: abtest
object(foo)#4 (2) {
object(foo)#3 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>

73
ext/session/tests/005.phpt
View file

@ -5,7 +5,6 @@ custom save handler, multiple session_start()s, complex data structure test.
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.name=PHPSESSID
session.serialize_handler=php
--FILE--
@ -58,37 +57,41 @@ session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd,
session_id("abtest");
session_start();
$baz->method();
$arr[3]->method();
session_decode($hnd->data);
var_dump($baz);
var_dump($arr);
$_SESSION["baz"]->method();
$_SESSION["arr"][3]->method();
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
$baz->method();
$arr[3]->method();
$_SESSION["baz"]->method();
$_SESSION["arr"][3]->method();
$c = 123;
session_register("c");
var_dump($baz); var_dump($arr); var_dump($c);
$_SESSION["c"] = 123;
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
var_dump($_SESSION["c"]);
session_write_close();
session_set_save_handler(array($hnd, "open"), array($hnd, "close"), array($hnd, "read"), array($hnd, "write"), array($hnd, "destroy"), array($hnd, "gc"));
session_start();
var_dump($baz); var_dump($arr); var_dump($c);
var_dump($_SESSION["baz"]);
var_dump($_SESSION["arr"]);
var_dump($_SESSION["c"]);
session_destroy();
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
OPEN: PHPSESSID
READ: abtest
object(foo)#2 (2) {
object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
@ -96,7 +99,7 @@ object(foo)#2 (2) {
}
array(1) {
[3]=>
object(foo)#3 (2) {
object(foo)#2 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
@ -107,8 +110,26 @@ WRITE: abtest, baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:2;}arr|a:1:{i:3;O
CLOSE
OPEN: PHPSESSID
READ: abtest
Deprecated: Function session_register() is deprecated in %s on line %d
object(foo)#2 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
int(3)
}
array(1) {
[3]=>
object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
int(3)
}
}
int(123)
WRITE: abtest, baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:3;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:3;}}c|i:123;
CLOSE
OPEN: PHPSESSID
READ: abtest
object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
@ -125,26 +146,6 @@ array(1) {
}
}
int(123)
WRITE: abtest, baz|O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:3;}arr|a:1:{i:3;O:3:"foo":2:{s:3:"bar";s:2:"ok";s:3:"yes";i:3;}}c|i:123;
CLOSE
OPEN: PHPSESSID
READ: abtest
object(foo)#3 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
int(3)
}
array(1) {
[3]=>
object(foo)#4 (2) {
["bar"]=>
string(2) "ok"
["yes"]=>
int(3)
}
}
int(123)
DESTROY: abtest
CLOSE

18
ext/session/tests/006.phpt
View file

@ -5,7 +5,6 @@ correct instantiation of references between variables in sessions
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
@ -32,12 +31,11 @@ $b = new b($a);
echo "original values:\n";
var_dump($a,$b);
session_register("a");
session_register("b");
$_SESSION["a"] = $a;
$_SESSION["b"] = $b;
session_write_close();
session_unregister("a");
session_unregister("b");
unset($_SESSION["a"], $_SESSION["b"]);
session_start();
@ -45,7 +43,6 @@ echo "values after session:\n";
var_dump($a,$b);
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
original values:
object(a)#%d (1) {
["test"]=>
@ -58,14 +55,6 @@ object(b)#%d (1) {
string(5) "hallo"
}
}
Deprecated: Function session_register() is deprecated in %s on line %d
Deprecated: Function session_register() is deprecated in %s on line %d
Deprecated: Function session_unregister() is deprecated in %s on line %d
Deprecated: Function session_unregister() is deprecated in %s on line %d
values after session:
object(a)#%d (1) {
["test"]=>
@ -78,4 +67,3 @@ object(b)#%d (1) {
string(5) "hallo"
}
}

3
ext/session/tests/007.phpt
View file

@ -1,11 +1,10 @@
--TEST--
bug compatibility: unset($c) with enabled register_globals
--SKIPIF--
<?php include('skipif.inc'); ?>
<?php include('skipif.inc'); if (PHP_VERSION_ID < 503099) { echo 'requires register_globals'; } ?>
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.bug_compat_42=1
session.serialize_handler=php
session.save_handler=files

71
ext/session/tests/008-php4.2.3.phpt
View file

@ -1,71 +0,0 @@
--TEST--
bug compatibility: global is used albeit register_globals=0
--SKIPIF--
<?php include('skipif.inc');
if (version_compare(PHP_VERSION,"4.2.3-dev", "<")) die("skip this is for PHP >= 4.2.3");
?>
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=1
track_errors=1
log_errors=0
html_errors=0
display_errors=1
error_reporting=2039;
session.serialize_handler=php
session.save_handler=files
precision=14
--FILE--
<?php
session_id("abtest");
### Phase 1 cleanup
session_start();
session_destroy();
### Phase 2 $_SESSION["c"] does not contain any value
session_id("abtest");
session_register("c");
var_dump($c);
unset($c);
$c = 3.14;
@session_write_close(); // this generates an E_WARNING which will be printed
// by $php_errormsg so we can use "@" here. ANY further message IS an error.
echo $php_errormsg."\n";
unset($_SESSION);
unset($c);
### Phase 3 $_SESSION["c"] is set
session_start();
var_dump($_SESSION);
unset($c);
$c = 2.78;
session_write_close();
unset($_SESSION);
unset($c);
### Phase 4 final
session_start();
var_dump($c);
var_dump($_SESSION);
session_destroy();
?>
--EXPECTF--
NULL
session_write_close(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively
array(1) {
["c"]=>
float(3.14)
}
NULL
array(1) {
["c"]=>
float(3.14)
}

3
ext/session/tests/009.phpt
View file

@ -1,11 +1,10 @@
--TEST--
unset($_SESSION["name"]); should work with register_globals=off
unset($_SESSION["name"]); test
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php

1
ext/session/tests/010.phpt
View file

@ -5,7 +5,6 @@ $session_array = explode(";", session_encode()); should not segfault
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
--FILE--

1
ext/session/tests/011.phpt
View file

@ -5,7 +5,6 @@ session_decode(); should not segfault
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=0
session.bug_compat_42=1
session.bug_compat_warn=0
--FILE--

8
ext/session/tests/012.phpt
View file

@ -5,7 +5,6 @@ registering $_SESSION should not segfault
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php
@ -18,7 +17,7 @@ error_reporting(E_ALL);
session_id("abtest");
session_start();
session_register("_SESSION");
$_SESSION["_SESSION"] = Array();
$_SESSION = "kk";
session_write_close();
@ -31,8 +30,5 @@ session_destroy();
print "I live\n";
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
Deprecated: Function session_register() is deprecated in %s on line %d
--EXPECT--
I live

2
ext/session/tests/013.phpt
View file

@ -5,7 +5,6 @@ redefining SID should not cause warnings
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.serialize_handler=php
@ -24,5 +23,4 @@ session_destroy();
print "I live\n";
?>
--EXPECT--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
I live

14
ext/session/tests/014.phpt
View file

@ -3,10 +3,9 @@ a script should not be able to modify session.use_trans_sid
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_trans_sid=1
session.use_trans_sid=0
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.bug_compat_42=1
session.bug_compat_warn=0
session.name=PHPSESSID
@ -22,22 +21,21 @@ session_start();
?>
<a href="/link">
<?php
ini_set("session.use_trans_sid","0");
ini_set("session.use_trans_sid","1");
?>
<a href="/link">
<?php
ini_set("session.use_trans_sid","1");
ini_set("session.use_trans_sid","0");
?>
<a href="/link">
<?php
session_destroy();
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
<a href="/link?PHPSESSID=abtest">
<a href="/link">
Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d
<a href="/link?PHPSESSID=abtest">
<a href="/link">
Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d
<a href="/link?PHPSESSID=abtest">
<a href="/link">

14
ext/session/tests/019.phpt
View file

@ -5,7 +5,6 @@ serializing references test case using globals
--INI--
session.use_cookies=0
session.cache_limiter=
register_globals=1
session.serialize_handler=php
session.save_handler=files
--FILE--
@ -27,27 +26,26 @@ session_id("abtest");
session_start();
session_register('o1', 'o2' );
$o1 = new TFoo(42);
$o2 =& $o1;
$_SESSION["o1"] = new TFoo(42);
$_SESSION["o2"] =& $_SESSION["o1"];
session_write_close();
unset($o1);
unset($o2);
unset($_SESSION["o1"]);
unset($_SESSION["o2"]);
session_start();
var_dump($_SESSION);
$o1->inc();
$o2->inc();
$_SESSION["o1"]->inc();
$_SESSION["o2"]->inc();
var_dump($_SESSION);
session_destroy();
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
Deprecated: Function session_register() is deprecated in %s on line %d
array(2) {

1
ext/session/tests/bug24592.phpt
View file

@ -3,7 +3,6 @@ Bug #24592 (crash when multiple NULL values are being stored)
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
register_globals=0
html_errors=0
session.save_handler=files
--FILE--

1
ext/session/tests/bug26862.phpt
View file

@ -3,7 +3,6 @@ Bug #26862 (ob_flush() before output_reset_rewrite_vars() results in data loss)
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
register_globals=0
html_errors=0
session.use_trans_sid=0
session.save_handler=files

1
ext/soap/TODO.old
View file

@ -6,7 +6,6 @@ make internal refrences for soap encoding (use seralization logic)
add ini option for always soap_error_handler
provide user space overriding of serialization certin objects and types
serialization in general needs to be polished/finished... all xsd types
make perstistant objects and work with or without register_globals on
look to see if php-soap will work with out always_populate_raw_post_data on
see if client will work with ssl.. should be eaiser with php_streams
work on soap seralizer (php serialization)

6
ext/standard/tests/general_functions/get_cfg_var_variation8.phpt
View file

@ -4,17 +4,17 @@ Test function get_cfg_var() by calling deprecated option
Francesco Fullone ff@ideato.it
#PHPTestFest Cesena Italia on 2009-06-20
--INI--
register_globals=1
safe_mode=1
--SKIPIF--
<?php if (version_compare(PHP_VERSION, "5.3", "<")) die("skip requires 5.3 or greater"); ?>
--FILE--
<?php
echo "*** Test by calling method or function with deprecated option ***\n";
var_dump(get_cfg_var( 'register_globals' ) );
var_dump(get_cfg_var( 'safe_mode' ) );
?>
--EXPECTF--
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in %s on line 0
Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in %s on line 0
*** Test by calling method or function with deprecated option ***
string(1) "1"

2
ext/standard/tests/general_functions/import_request.phpt
View file

@ -4,8 +4,6 @@ import_request_variables() tests
a=1&b=heh&c=3&d[]=5&GLOBALS=test&1=hm
--POST--
ap=25&bp=test&cp=blah3&dp[]=ar
--INI--
register_globals=0
--FILE--
<?php

7
main/main.c
View file

@ -458,7 +458,6 @@ PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("output_buffering", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLong, output_buffering, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("output_handler", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateString, output_handler, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("register_argc_argv", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_argc_argv, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("register_globals", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, register_globals, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("auto_globals_jit", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateBool, auto_globals_jit, php_core_globals, core_globals)
#if PHP_SAFE_MODE
STD_PHP_INI_BOOLEAN("safe_mode", "1", PHP_INI_SYSTEM, OnUpdateBool, safe_mode, php_core_globals, core_globals)
@ -2054,18 +2053,17 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
module_initialized = 1;
/* Check for deprecated directives */
/* NOTE: If you add anything here, remember to add it also in Makefile.global! */
/* NOTE: If you add anything here, remember to add it to Makefile.global! */
{
struct {
const long error_level;
const char *phrase;
const char *directives[6]; /* Remember to change this if the number of directives change */
const char *directives[5]; /* Remember to change this if the number of directives change */
} directives[] = {
{
E_CORE_WARNING,
"Directive '%s' is deprecated in PHP 5.3 and greater",
{
"register_globals",
"safe_mode",
"magic_quotes_gpc",
"magic_quotes_runtime",
@ -2078,6 +2076,7 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod
"Directive '%s' is no longer available in PHP",
{
"define_syslog_variables",
"register_globals",
"register_long_arrays",
"zend.ze1_compatibility_mode",
NULL

1
main/php_globals.h
View file

@ -122,7 +122,6 @@ struct _php_core_globals {
zend_bool expose_php;
zend_bool register_globals;
zend_bool register_argc_argv;
zend_bool auto_globals_jit;

40
main/php_variables.c
View file

@ -72,12 +72,8 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
if (track_vars_array) {
symtable1 = Z_ARRVAL_P(track_vars_array);
} else if (PG(register_globals)) {
if (!EG(active_symbol_table)) {
zend_rebuild_symbol_table(TSRMLS_C);
}
symtable1 = EG(active_symbol_table);
}
if (!symtable1) {
/* Nothing to do */
zval_dtor(val);
@ -139,9 +135,6 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
zend_hash_del(ht, var, var_len + 1);
} else if (PG(register_globals)) {
ht = EG(active_symbol_table);
zend_hash_del(ht, var, var_len + 1);
}
zval_dtor(val);
@ -467,7 +460,7 @@ static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC)
int count = 0;
char *ss, *space;
if (!(PG(register_globals) || SG(request_info).argc || track_vars_array)) {
if (!(SG(request_info).argc || track_vars_array)) {
return;
}
@ -526,7 +519,7 @@ static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC)
}
Z_TYPE_P(argc) = IS_LONG;
if (PG(register_globals) || SG(request_info).argc) {
if (SG(request_info).argc) {
Z_ADDREF_P(arr);
Z_ADDREF_P(argc);
zend_hash_update(&EG(symbol_table), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
@ -613,7 +606,7 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
ulong num_key;
HashPosition pos;
int key_type;
int globals_check = (PG(register_globals) && (dest == (&EG(symbol_table))));
int globals_check = (dest == (&EG(symbol_table)));
zend_hash_internal_pointer_reset_ex(src, &pos);
while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
@ -625,7 +618,6 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
) {
Z_ADDREF_PP(src_entry);
if (key_type == HASH_KEY_IS_STRING) {
/* if register_globals is on and working with main symbol table, prevent overwriting of GLOBALS */
if (!globals_check || string_key_len != sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
zend_hash_update(dest, string_key, string_key_len, src_entry, sizeof(zval *), NULL);
} else {
@ -653,7 +645,6 @@ int php_hash_environment(TSRMLS_D)
{
char *p;
unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0};
zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals));
struct auto_global_record {
char *name;
uint name_len;
@ -681,9 +672,6 @@ int php_hash_environment(TSRMLS_D)
if (!_gpc_flags[0] && !SG(headers_sent) && SG(request_info).request_method && !strcasecmp(SG(request_info).request_method, "POST")) {
sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC); /* POST Data */
_gpc_flags[0] = 1;
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
}
}
break;
case 'c':
@ -691,9 +679,6 @@ int php_hash_environment(TSRMLS_D)
if (!_gpc_flags[1]) {
sapi_module.treat_data(PARSE_COOKIE, NULL, NULL TSRMLS_CC); /* Cookie Data */
_gpc_flags[1] = 1;
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
}
}
break;
case 'g':
@ -701,31 +686,22 @@ int php_hash_environment(TSRMLS_D)
if (!_gpc_flags[2]) {
sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC); /* GET Data */
_gpc_flags[2] = 1;
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
}
}
break;
case 'e':
case 'E':
if (!jit_initialization && !_gpc_flags[3]) {
if (!PG(auto_globals_jit) && !_gpc_flags[3]) {
zend_auto_global_disable_jit("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
php_auto_globals_create_env("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
_gpc_flags[3] = 1;
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
}
}
break;
case 's':
case 'S':
if (!jit_initialization && !_gpc_flags[4]) {
if (!PG(auto_globals_jit) && !_gpc_flags[4]) {
zend_auto_global_disable_jit("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
php_register_server_variables(TSRMLS_C);
_gpc_flags[4] = 1;
if (PG(register_globals)) {
php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);
}
}
break;
}
@ -737,7 +713,7 @@ int php_hash_environment(TSRMLS_D)
}
for (i=0; i<num_track_vars; i++) {
if (jit_initialization && auto_global_records[i].jit_initialization) {
if (PG(auto_globals_jit) && auto_global_records[i].jit_initialization) {
continue;
}
if (!PG(http_globals)[i]) {
@ -751,7 +727,7 @@ int php_hash_environment(TSRMLS_D)
}
/* Create _REQUEST */
if (!jit_initialization) {
if (!PG(auto_globals_jit)) {
zend_auto_global_disable_jit("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
php_auto_globals_create_request("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
}

8
main/rfc1867.c
View file

@ -244,21 +244,13 @@ static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars
static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
{
int register_globals = PG(register_globals);
PG(register_globals) = 0;
safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC);
PG(register_globals) = register_globals;
}
/* }}} */
static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
{
int register_globals = PG(register_globals);
PG(register_globals) = 0;
safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
PG(register_globals) = register_globals;
}
/* }}} */

30
php.ini-development
View file

@ -646,13 +646,12 @@ html_errors = On
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. If the register_globals directive is enabled, it also determines
; what order variables are populated into the global space. G,P,C,E & S are
; abbreviations for the following respective super globals: GET, POST, COOKIE,
; ENV and SERVER. There is a performance penalty paid for the registration of
; these arrays and because ENV is not as commonly used as the others, ENV is
; is not recommended on productions servers. You can still get access to
; the environment variables through getenv() should you need to.
; starts up. G,P,C,E & S are abbreviations for the following respective super
; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
: paid for the registration of these arrays and because ENV is not as commonly
; used as the others, ENV is is not recommended on productions servers. You
; can still get access to the environment variables through getenv() should you
; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
@ -672,15 +671,6 @@ variables_order = "GPCS"
; http://php.net/request-order
request_order = "GP"
; Whether or not to register the EGPCS variables as global variables. You may
; want to turn this off if you don't want to clutter your scripts' global scope
; with user data.
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
; http://php.net/register-globals
register_globals = Off
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
@ -699,8 +689,8 @@ register_argc_argv = Off
; When enabled, the SERVER and ENV variables are created when they're first
; used (Just In Time) instead of when the script starts. If these variables
; are not used within a script, having this directive on will result in a
; performance gain. The PHP directives register_globals and register_argc_argv
; must be disabled for this directive to have any affect.
; performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
@ -1524,8 +1514,8 @@ session.gc_maxlifetime = 1440
; cd /path/to/sessions; find -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, even when register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; to initialize a session variable in the global scope.
; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's

30
php.ini-production
View file

@ -646,13 +646,12 @@ html_errors = Off
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. If the register_globals directive is enabled, it also determines
; what order variables are populated into the global space. G,P,C,E & S are
; abbreviations for the following respective super globals: GET, POST, COOKIE,
; ENV and SERVER. There is a performance penalty paid for the registration of
; these arrays and because ENV is not as commonly used as the others, ENV is
; is not recommended on productions servers. You can still get access to
; the environment variables through getenv() should you need to.
; starts up. G,P,C,E & S are abbreviations for the following respective super
; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
: paid for the registration of these arrays and because ENV is not as commonly
; used as the others, ENV is is not recommended on productions servers. You
; can still get access to the environment variables through getenv() should you
; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
@ -672,15 +671,6 @@ variables_order = "GPCS"
; http://php.net/request-order
request_order = "GP"
; Whether or not to register the EGPCS variables as global variables. You may
; want to turn this off if you don't want to clutter your scripts' global scope
; with user data.
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
; http://php.net/register-globals
register_globals = Off
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
@ -699,8 +689,8 @@ register_argc_argv = Off
; When enabled, the SERVER and ENV variables are created when they're first
; used (Just In Time) instead of when the script starts. If these variables
; are not used within a script, having this directive on will result in a
; performance gain. The PHP directives register_globals and register_argc_argv
; must be disabled for this directive to have any affect.
; performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
@ -1532,8 +1522,8 @@ session.gc_maxlifetime = 1440
; cd /path/to/sessions; find -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, even when register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; to initialize a session variable in the global scope.
; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's

3
sapi/apache/mod_php5.c
View file

@ -278,9 +278,6 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
/* If PATH_TRANSLATED doesn't exist, copy it from SCRIPT_FILENAME */
if (track_vars_array) {
symbol_table = track_vars_array->value.ht;
} else if (PG(register_globals)) {
/* should never happen nowadays */
symbol_table = EG(active_symbol_table);
} else {
symbol_table = NULL;
}

3
sapi/apache_hooks/mod_php5.c
View file

@ -403,9 +403,6 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
/* If PATH_TRANSLATED doesn't exist, copy it from SCRIPT_FILENAME */
if (track_vars_array) {
symbol_table = track_vars_array->value.ht;
} else if (PG(register_globals)) {
/* should never happen nowadays */
symbol_table = EG(active_symbol_table);
} else {
symbol_table = NULL;
}

10
sapi/apache_hooks/sapi_apache.c
View file

@ -78,13 +78,9 @@ int apache_php_module_hook(request_rec *r, php_handler *handler, zval **ret TSRM
return FAILURE;
}
req = php_apache_request_new(r);
if(PG(register_globals)) {
php_register_variable_ex("request", req, NULL TSRMLS_CC);
}
else {
php_register_variable_ex("request", req, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
}
req = php_apache_request_new(r);
php_register_variable_ex("request", req, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
switch(handler->type) {
case AP_HANDLER_TYPE_FILE:
php_register_variable("PHP_SELF_HOOK", handler->name, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);

4
sapi/cli/README
View file

@ -11,8 +11,8 @@ The main differences between the two:
* It does not change the working directory to that of the script.
(-C switch kept for compatibility)
* Plain text error message
* $argc and $argv registered irrespective of register_globals
and register_argc_argv php.ini settings.
* $argc and $argv registered irrespective of the register_argc_argv
php.ini setting.
* implicit_flush always on
* -r option which allows execution of PHP code directly from
the command line (e.g. php -r 'echo md5("test");' )

7
tests/basic/011.phpt
View file

@ -6,11 +6,8 @@ register_argc_argv=1
ab+cd+ef+123+test
--FILE--
<?php
if (!ini_get('register_globals')) {
$argc = $_SERVER['argc'];
$argv = $_SERVER['argv'];
}
$argc = $_SERVER['argc'];
$argv = $_SERVER['argv'];
for ($i=0; $i<$argc; $i++) {
echo "$i: ".$argv[$i]."\n";

7
tests/basic/012.phpt
View file

@ -9,11 +9,8 @@ variables_order=GPS
ab cd ef 123 test
--FILE--
<?php
if (!ini_get('register_globals')) {
$argc = $_SERVER['argc'];
$argv = $_SERVER['argv'];
}
$argc = $_SERVER['argc'];
$argv = $_SERVER['argv'];
for ($i=1; $i<$argc; $i++) {
echo ($i-1).": ".$argv[$i]."\n";

3
tests/basic/bug46313-win.phpt
View file

@ -5,7 +5,6 @@ Bug #46313 (Magic quotes broke $_FILES)
--INI--
magic_quotes_gpc=1
file_uploads=1
register_globals=1
--POST_RAW--
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
-----------------------------20896060251896012921717172737
@ -60,6 +59,4 @@ string(12) "o1"
bool(true)
string(%d) "%s"
bool(true)
Warning: Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0

1
tests/basic/bug46313.phpt
View file

@ -5,7 +5,6 @@ Bug #46313 (Magic quotes broke $_FILES)
--INI--
magic_quotes_gpc=1
file_uploads=1
register_globals=1
display_errors=0
--POST_RAW--
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737

10
win32/install.txt
View file

@ -947,14 +947,6 @@ CGI environment and recommended modifications in php.ini
the web server not from the administration server. Use the command
line as root user and start it manually - you will see there are no
CGI-like environment variables.
Simply change your scripts to get CGI variables in the correct way for
PHP 5.x by using the superglobal $_SERVER. If you have older scripts
which use $HTTP_HOST, etc., you should turn on register_globals in
php.ini and change the variable order too (important: remove "E" from
it, because you do not need the environment here):
variables_order = "GPCS"
register_globals = On
__________________________________________________________________
Special use for error pages or self-made directory listings (PHP >= 4.3.3)
@ -1436,7 +1428,7 @@ The configuration file
; Boolean values can be set to either:
; true, on, yes
; or false, off, no, none
register_globals = off
html_errors = off
track_errors = yes
; you can enclose strings in double-quotes