Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 6 of 6
  1. #1
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    Was playing around with wamp server because I as getting error turned out I needed register_globals on but in my frustration I changed a few other settings and cant remember which I now cant use the $_GET method in URLs for things like http://localhost/cleanms/admin/index.php?action=adduser&msg=Updated+Successfully! which setting would resolve this
    Regards Phil,


  2.  

  3. #2
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    If you enabled register_globals, get rid of it. I don't know that it'll fix your problem, but it's a gaping security hole. If at all possible, rewrite the script that relies on register_globals to not rely on it.

  4. #3
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    I fixed WAMP turned out id just changed a file name and forgot to change the other files to reflect that.

    is register_globals required to use
    PHP Code:
    <?php 
    $_SERVER
    ['PHP_SELF']
    ?>
    Regards Phil,


  5. #4
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    No. As I understand it, all register_globals does is take $_POST and $_GET variables and turn them into real variables (i.e., $_GET['action'] becomes $action automatically).

  6. #5
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    So its a pretty useless PHP function, but if thats all it does how does this poes a security issue
    Regards Phil,


  7. #6
    WDF Staff Wired's Avatar
    Join Date
    Apr 2003
    Posts
    7,657
    Member #
    1234
    Liked
    137 times
    It sounds like you could call any variable directly from a URL, regardless if you're supposed to or not
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 11:03 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com