Finding errors due to register globals?

Re: Finding errors due to register globals?

Kevin Thorpe wrote:[color=blue]
> I don't suppose anyone knows of a script/program to try and identify
> where variables are used assuming register_global s is on? I'm trying to
> fix an application and would rather not turn it on as there are several
> applications on the server.
>
> I'm thinking of something which can identify use of variables (right
> hand side of assignments) before definition (left hand side of assignments).
>
> Any pointers?[/color]



--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |

Re: Finding errors due to register globals?

Pedro Graca wrote:
[color=blue]
> Kevin Thorpe wrote:
>[color=green]
>>I don't suppose anyone knows of a script/program to try and identify
>>where variables are used assuming register_global s is on? I'm trying to
>>fix an application and would rather not turn it on as there are several
>>application s on the server.
>>
>>I'm thinking of something which can identify use of variables (right
>>hand side of assignments) before definition (left hand side of assignments).
>>
>>Any pointers?[/color]
>
>
> http://www.php.net/error_reporting
>[/color]
Unfortunately that's only at runtime. I don't rely on default values for
variables and have turned on all the error checking but I still need to
read every line of code or perform a comprehensive test to execute every
line.

I was hoping someone had a script to assist. If php was compiled then
these errors would be caught at compile time.

Re: Finding errors due to register globals?

Kevin Thorpe wrote:[color=blue]
> Pedro Graca wrote:[color=green]
>> Kevin Thorpe wrote:[color=darkred]
>>>Any pointers?[/color]
>>
>> http://www.php.net/error_reporting[/color]
>
> Unfortunately that's only at runtime. ...[/color]

There's no saying where a uninitialized variable can be used ...
It can be on the right side of an assignment; as a parameter to a
function call; on the left side of a test; ...

Good luck in finding a script that finds them all :)



You might want to try installing the scripts in a test directory and set
auto_prepend_fi le in that directory to a script that sets error_handler
to a function that logs all notices to a file (or database, or ...).

Make a few test runs, examine the log, and (manually) correct the
errors.


Skeleton auto_prepend_fi le

<?php
function Notice_Handler( $n, $d, $f, $l) {
if ($n == 8) {
// log $d, $f, and $l somewhere
}
}

set_error_handl er('Notice_Hand ler');
?>

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |

Re: Finding errors due to register globals?

> There's no saying where a uninitialized variable can be used ...[color=blue]
> It can be on the right side of an assignment; as a parameter to a
> function call; on the left side of a test; ...
>
> Good luck in finding a script that finds them all :)
>[/color]
I know. Looking into it requires writing a full parser. I can do that
but is it really worth my time? php syntax is pretty complex with
embedded variables and such so it's a lot of work. Maybe I should do it
and make it GPL, but I'm not sure I have the time.
[color=blue]
> You might want to try installing the scripts in a test directory and set
> auto_prepend_fi le in that directory to a script that sets error_handler
> to a function that logs all notices to a file (or database, or ...).[/color]

That still requires a test script (or me) to exercise all the code. Lots
of work for a one-off intranet app.

People keep hitting this problem, it's a FAQ. I was just wishfully
thinking that it had been addressed. Are there any zend people listening?