FOLLOW-UP: [Idea for PHP Enhancement: register_globals_manual]

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Justin Koivisto
    #1

    FOLLOW-UP: [Idea for PHP Enhancement: register_globals_manual]

    On 10/06/2003 11:50 AM CST, the OP, 127.0.0.1, wrote:[color=blue]
    > httpget $user_id;
    > httppost $credit_card;
    > session $really_importa nt_stuff;
    >
    > Each of these declaration lines would effectively enable
    > register_global s for one specific variable in one particular method
    > (GET, POST or session).
    >
    > Creative suggestions, comments would be welcome.[/color]

    Justin Koivisto wrote:[color=blue]
    > The proposal in the form of functions:
    >
    > <?php
    > // usage example
    > global_session( 'var1');
    >
    > function global_get($var ){
    > if(!array_key_e xists($var,$_GE T))
    > $_GET[$var]='';
    > $GLOBALS[$var]=&$_GET[$var];
    > }
    >
    > function global_post($va r){
    > if(!array_key_e xists($var,$_PO ST))
    > $_POST[$var]='';
    > $GLOBALS[$var]=&$_POST[$var];
    > }
    >
    > function global_session( $var){
    > if(!array_key_e xists($var,$_SE SSION))
    > $_SESSION[$var]='';
    > $GLOBALS[$var]=&$_SESSION[$var];
    > }
    >
    > function global_cookie($ var){
    > if(!array_key_e xists($var,$_CO OKIE))
    > $_COOKIE[$var]='';
    > $GLOBALS[$var]=&$_COOKIE[$var];
    > }
    >
    > function global_server($ var){
    > if(!array_key_e xists($var,$_SE RVER))
    > $_SERVER[$var]='';
    > $GLOBALS[$var]=&$_SERVER[$var];
    > }
    >
    > function global_files($v ar){
    > if(!array_key_e xists($var,$_FI LES))
    > $_FILES[$var]='';
    > $GLOBALS[$var]=&$_FILES[$var];
    > }
    >
    > function global_env($var ){
    > if(!array_key_e xists($var,$_EN V))
    > $_ENV[$var]='';
    > $GLOBALS[$var]=&$_ENV[$var];
    > }
    >
    > function global_request( $var){
    > if(!array_key_e xists($var,$_RE QUEST))
    > $_REQUEST[$var]='';
    > $GLOBALS[$var]=&$_REQUEST[$var];
    > }
    > ?>
    >[color=green]
    >> The proposal makes it explicit which variables you expect to use from
    >> the _GET array, so an unexpected variable won't get extracted and
    >> overwrite the session variable you intended to use. You get nearly
    >> the convenience of register_global s=on with none of the security
    >> risk.[/color]
    >
    > I broadened the scope of the proposal in the process. These functions
    > now support all of the super globals (except$ GLOBALS)in PHP. I also
    > changed the names to be prefixed by global_ and then the lowercase
    > name of the superglobal array to play with.
    >
    > Also, I thought about the case where the key didn't exist in the
    > superglobal. If this is the case, the key is created and then
    > referenced. This would likely be handy for _SESSION more than
    > anything.[/color]

    Just wanted to follow-up on this one. Did this actually satisfy the
    proposal set forth by the OP? I haven't noticed any posts to the thread
    since I submitted this.

    Ideas/comments/suggestions welcome on this as well.

    --
    Justin Koivisto - spam@koivi.com
    PHP POSTERS: Please use comp.lang.php for PHP related questions,
    alt.php* groups are not recommended.

    Tags: None
    • 127.0.0.1
      #2
      Re: FOLLOW-UP: [Idea for PHP Enhancement: register_global s_manual]

      Justin Koivisto wrote:
      [color=blue]
      >
      > Just wanted to follow-up on this one. Did this actually satisfy the
      > proposal set forth by the OP? I haven't noticed any posts to the
      > thread since I submitted this.[/color]

      THe following are the basic original requirements:
      1. Be reasonably safe from abuse (unlike register_global etc)
      2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
      with a SESSION, COOKIE, GET, POST etc varible - from instant of
      declaration through to explicit or implicit script execution end.
      3. Optionally $XYZ may use a prefix to the variable name (e.g.
      $Session_XYZ) the entire variable name must be a valid identifier (i.e.
      $Session['XYZ'] is not allowable).

      THat is about it.

      Just from looking at the above code - looks OK, however have not tested
      it.

      --
      Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
      EMail:<01100011 001011100110001 001110101011100 10011010110
      110010101000000 011000110111001 001100001011110 10011011100
      110000101110010 001011100110001 101101111011011 0100100000>

        Comment

        • Justin Koivisto
          #3
          Re: FOLLOW-UP: [Idea for PHP Enhancement: register_global s_manual]

          127.0.0.1 wrote:
          [color=blue]
          > Justin Koivisto wrote:
          >
          >[color=green]
          >>Just wanted to follow-up on this one. Did this actually satisfy the
          >>proposal set forth by the OP? I haven't noticed any posts to the
          >>thread since I submitted this.[/color]
          >
          >
          > THe following are the basic original requirements:
          > 1. Be reasonably safe from abuse (unlike register_global etc)
          > 2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
          > with a SESSION, COOKIE, GET, POST etc varible - from instant of
          > declaration through to explicit or implicit script execution end.
          > 3. Optionally $XYZ may use a prefix to the variable name (e.g.
          > $Session_XYZ) the entire variable name must be a valid identifier (i.e.
          > $Session['XYZ'] is not allowable).
          >
          > Just from looking at the above code - looks OK, however have not tested
          > it.[/color]

          I think to satisfy item #3, you'd have to modify the functions as so:

          <?php
          function global_get($var ){
          if(!array_key_e xists($var,$_GE T))
          $_GET[$var]='';
          $GLOBALS[$var]=&$_GET[$var];
          $GLOBALS['GET_'.$var]=&$GLOBALS[$var];
          }

          function global_post($va r){
          if(!array_key_e xists($var,$_PO ST))
          $_POST[$var]='';
          $GLOBALS[$var]=&$_POST[$var];
          $GLOBALS['POST_'.$var]=&$GLOBALS[$var];
          }

          function global_session( $var){
          if(!array_key_e xists($var,$_SE SSION))
          $_SESSION[$var]='';
          $GLOBALS[$var]=&$_SESSION[$var];
          $GLOBALS['SESSION_'.$var]=&$GLOBALS[$var];
          }

          function global_cookie($ var){
          if(!array_key_e xists($var,$_CO OKIE))
          $_COOKIE[$var]='';
          $GLOBALS[$var]=&$_COOKIE[$var];
          $GLOBALS['COOKIE_'.$var]=&$GLOBALS[$var];
          }

          function global_server($ var){
          if(!array_key_e xists($var,$_SE RVER))
          $_SERVER[$var]='';
          $GLOBALS[$var]=&$_SERVER[$var];
          $GLOBALS['SERVER_'.$var]=&$GLOBALS[$var];
          }

          function global_files($v ar){
          if(!array_key_e xists($var,$_FI LES))
          $_FILES[$var]='';
          $GLOBALS[$var]=&$_FILES[$var];
          $GLOBALS['FILES_'.$var]=&$GLOBALS[$var];
          }

          function global_env($var ){
          if(!array_key_e xists($var,$_EN V))
          $_ENV[$var]='';
          $GLOBALS[$var]=&$_ENV[$var];
          $GLOBALS['ENV_'.$var]=&$GLOBALS[$var];
          }

          function global_request( $var){
          if(!array_key_e xists($var,$_RE QUEST))
          $_REQUEST[$var]='';
          $GLOBALS[$var]=&$_REQUEST[$var];
          $GLOBALS['REQUEST_'.$var]=&$GLOBALS[$var];
          }
          ?>

          This should then allow using all of these to access the same value in
          memory:

          <?php
          global_session( 'var1');
          $var1='test';
          echo $var1,'<br>';
          echo $SESSION_var1,' <br>';
          echo $GLOBALS['var1'],'<br>';
          echo $GLOBALS['SESSION_var1'],'<br>';
          echo $_SESSION['var1'],'<br>';
          ?>

          In turn, setting any one of them should change all the values because it
          is all referenced, meaning it's all just one memory location. This all
          works for my setup with php 4.3.3.

          --
          Justin Koivisto - spam@koivi.com
          PHP POSTERS: Please use comp.lang.php for PHP related questions,
          alt.php* groups are not recommended.

            Comment

            • 127.0.0.1
              #4
              Re: FOLLOW-UP: [Idea for PHP Enhancement: register_global s_manual]

              Justin Koivisto wrote:
              [color=blue][color=green]
              > > Justin Koivisto wrote:[color=darkred]
              > > > > > Just wanted to follow-up on this one. Did this actually
              > > > > > satisfy the
              > > > proposal set forth by the OP? I haven't noticed any posts to the
              > > > thread since I submitted this.
              > > > > THe following are the basic original requirements:[/color]
              > > 1. Be reasonably safe from abuse (unlike register_global etc)
              > > 2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
              > > with a SESSION, COOKIE, GET, POST etc varible - from instant of
              > > declaration through to explicit or implicit script execution end.
              > > 3. Optionally $XYZ may use a prefix to the variable name (e.g.
              > > $Session_XYZ) the entire variable name must be a valid identifier
              > > (i.e. $Session['XYZ'] is not allowable).[color=darkred]
              > > > Just from looking at the above code - looks OK, however have not
              > > > tested[/color]
              > > it.[/color]
              >
              > I think to satisfy item #3, you'd have to modify the functions as so:[/color]

              Sorry, #3 isn't saying that the solution has to have that
              functionality, just that if there NEEDS to be some modification in the
              variable name, that it consist of only standard identifier allowable
              characters.

              Given the solution posted allows $XXX to be created, then 3. is
              satisfied.

              --
              Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
              EMail:<01100011 001011100110001 001110101011100 10011010110
              110010101000000 011000110111001 001100001011110 10011011100
              110000101110010 001011100110001 101101111011011 0100100000>

                Comment

                • Justin Koivisto
                  #5
                  Re: FOLLOW-UP: [Idea for PHP Enhancement: register_global s_manual]

                  127.0.0.1 wrote:
                  [color=blue]
                  > Justin Koivisto wrote:
                  >
                  >[color=green][color=darkred]
                  >>>Justin Koivisto wrote:
                  >>>
                  >>>>>>Just wanted to follow-up on this one. Did this actually
                  >>>>>>satisfy the
                  >>>>
                  >>>>proposal set forth by the OP? I haven't noticed any posts to the
                  >>>>thread since I submitted this.
                  >>>>
                  >>>>>THe following are the basic original requirements:
                  >>>
                  >>>1. Be reasonably safe from abuse (unlike register_global etc)
                  >>>2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
                  >>>with a SESSION, COOKIE, GET, POST etc varible - from instant of
                  >>>declaratio n through to explicit or implicit script execution end.
                  >>>3. Optionally $XYZ may use a prefix to the variable name (e.g.
                  >>>$Session_XYZ ) the entire variable name must be a valid identifier
                  >>>(i.e. $Session['XYZ'] is not allowable).
                  >>>
                  >>>>Just from looking at the above code - looks OK, however have not
                  >>>>tested
                  >>>
                  >>>it.[/color]
                  >>
                  >>I think to satisfy item #3, you'd have to modify the functions as so:[/color]
                  >
                  >
                  > Sorry, #3 isn't saying that the solution has to have that
                  > functionality, just that if there NEEDS to be some modification in the
                  > variable name, that it consist of only standard identifier allowable
                  > characters.
                  >
                  > Given the solution posted allows $XXX to be created, then 3. is
                  > satisfied.
                  >[/color]

                  Thanks for the feedback. I have posted an article on this now.
                  404 Not Found
                  http://www.koivi.com/manual-php-globals/


                  --
                  Justin Koivisto - spam@koivi.com
                  PHP POSTERS: Please use comp.lang.php for PHP related questions,
                  alt.php* groups are not recommended.

                    Comment

                    Previous template Next
                    Working...