
Register Globals Support


#81 CMOTD

  • Community Member
  • 433 posts
  • Real Name:Richard Bentley

Posted 25 November 2004, 13:45

canary100, on Nov 23 2004, 12:00 PM, said:

3:30 in the morning.
...etc etc etc...
You could try the following :

At the top of the file, just after the line...

$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

...add the following two lines...

link_get_variable('limite_1');
link_get_variable('limite_2');

--------------

NOTES:

1) I have not tested this in any way at all.

2) This fix assumes you have added the functions 'link_get_variable' and 'link_post_variable' to the file .../catalog/includes/functions/general.php - the register globals patch instructions state that these are optional so if you didn't bother including them then you will get an 'undefined function' error and you will have to go back to the instructions and add these two functions in.

3) If this still does not work, try changing both 'link_get_variable' function calls in the above fix to 'link_post_variable' instead (but I'm pretty sure the 'get' version is correct in this case).

4) If it STILL doesn't work then have a cup of tea / post back / give up / swear (delete as you see fit).

Rich.

#82 canary100

  • Community Member
  • 32 posts
  • Real Name:Luis

Posted 26 November 2004, 14:16

Rich, my man, you are THE man. Worked like butter man, almost made me cry.

.....I shall promptly take your instructions, make a quick TXT file and place it on the Admin Paging contributions for future ref, giving you of course all good credit.

Awesome.

#83 canary100

  • Community Member
  • 32 posts
  • Real Name:Luis

Posted 26 November 2004, 14:28

Posted the fix to the ADMIN PAGING contribution

http://www.oscommerce.com/community/contributions,1965

THX

#84 canary100

  • Community Member
  • 32 posts
  • Real Name:Luis

Posted 27 November 2004, 13:38

Sorry to wander back in here with another issue:

I just installed (Just..more like 8 hours ago actually) WISHLIST 2.0 and as expected, I am running into another register_globals=off issue. (or at least I think so)

The installation went smooth, but as it stands now, no functionality. Since this is a multiple page problem, I paste the code for the pages where I suspect the problem may be:


##########APPLICATION_TOP.PHP


MODIFICATION # 1

THIS ONE I SOLVED using the link_get_variable CMOTD showed me for the Admin Paging problem just before this post. This code was giving me an SQL syntax error, but as I said, it is fixed:

OLD CODE

      // performed by the 'buy now' button in product listings and review page
      case 'buy_now' :        if (isset($HTTP_GET_VARS['products_id'])) {
                                // Wish List 2.3 Start
                                if (tep_session_is_registered('customer_id')) {
                                  tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id=$products_id");
                                  tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id=$products_id");
                                }
                                // Wish List 2.3 End
                                if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {
                                  tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));
                                } else {
                                  $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;


NEW FIXED CODE using "link_get_variables"

   case 'buy_now' :        if (isset($HTTP_GET_VARS['products_id'])) {
        link_get_variable('customer_id'); 
        link_get_variable('products_id'); 
                                // Wish List 2.3 Start
                                if (tep_session_is_registered('customer_id')) {
                                 tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id=$products_id");
                                 tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id=$products_id");
                                }
                                // Wish List 2.3 End
                                if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {
                                  tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));
                                } else {
                                  $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;



MODIFICATION # 2

  case 'cust_order' :     if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) {
                                // Wish List 2.3 Start
                                tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_GET_VARS['pid'] . "' and customers_id = '" . $customer_id . "'");
                                tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id='" . $HTTP_GET_VARS['pid']."'");
                                // Wish List 2.3 End
                                if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) {
                                  tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid']));
                                } else {
                                  $cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
// Wish List 2.3 Start
// *****************************************
      // Remove item from the Wish List
      case 'remove_wishlist':
                              tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_GET_VARS['pid'] . "' and customers_id = '" . $customer_id . "'");
                              tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id= '" . $HTTP_GET_VARS['pid'] . "'");
                              tep_redirect(tep_href_link(FILENAME_WISHLIST));
                              break;
    } // end switch $HTTP_GET_VARS['action']
  } // end if is set $HTTP_GET_VARS['action']

  // Shopping cart actions through POST variables from forms
  if (isset($HTTP_POST_VARS['wishlist_action'])) {
    // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled
    if ($session_started == false) {
      tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
    }

    $goto = basename($PHP_SELF);
    switch ($HTTP_POST_VARS['wishlist_action']) {
      // Customer wants to update the product quantity in their shopping cart
      case 'add_wishlist' :  if (ereg('^[0-9]+$', $HTTP_POST_VARS['products_id'])) {
                                if ($HTTP_POST_VARS['products_id']) {
                                  if ($customer_id > 0) {
            // Queries below replace old product instead of adding to quantity.
                                    tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
                                    tep_db_query("insert into " . TABLE_WISHLIST . " (customers_id, products_id, products_model, products_name, products_price) values ('" . $customer_id . "', '" . $products_id . "', '" . $products_model . "', '" . $products_name . "', '" . $products_price . "' )");
                                    tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
                                    // Read array of options and values for attributes in id[]
                                    if (isset ($id)) {
                                      foreach($id as $att_option=>$att_value) {
                                        // Add to customers_wishlist_attributes table
                                        tep_db_query("insert into " . TABLE_WISHLIST_ATTRIBUTES . " (customers_id, products_id, products_options_id , products_options_value_id) values ('" . $customer_id . "', '" . $products_id . "', '" . $att_option . "', '" . $att_value . "' )");
                                      }
                                    }
                                  }
                                }
                              }
                              break;

      case 'wishlist_add_cart' :if (ereg('^[0-9]+$', $HTTP_POST_VARS['products_id'])) {
                                  if ($HTTP_POST_VARS['products_id']) {
                                  if ($customer_id > 0) {
                                    tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
                                    tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
                                    // Read array of options and values for attributes in id[]
                                    if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) {
                                       $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $HTTP_POST_VARS['id']))+1, $HTTP_POST_VARS['id']);
                                    }
                                    tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                                    break;
                                  }
                                }
                              }
                              break;

       // Wishlist Checkboxes
       case 'add_delete_products_wishlist': 
                                      if (isset($HTTP_POST_VARS['add_wishprod'])) {
                                         if ($HTTP_POST_VARS['borrar'] == 0) { 
                 // 'borrar' form variable refers to deleting products in array $add_wishprod[] from wishlist
                                               foreach ($HTTP_POST_VARS['add_wishprod'] as $value) {
                                                    if (ereg('^[0-9]+$', $value)) {
                                                    $cart->add_cart($value, $cart->get_quantity(tep_get_uprid($value, $HTTP_POST_VARS['id'][$value]))+1, $HTTP_POST_VARS['id'][$value]);
                                                    tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = $value and customers_id = '" . $customer_id . "'");
                                                    tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '$value' and customers_id = '" . $customer_id . "'");
                                                    }
                                               }
                                             tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                                         }
                                         if ($HTTP_POST_VARS['borrar'] == 1) {
                                               foreach ($HTTP_POST_VARS['add_wishprod'] as $value) {
                                                    if (ereg('^[0-9]+$', $value)) {    
                                                     tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = $value and customers_id = '" . $customer_id . "'");
                                                    tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '$value' and customers_id = '" . $customer_id . "'");
                                                   }
                                              }
                                             tep_redirect(tep_href_link(FILENAME_WISHLIST));
                                         }
                                      }
                                      break;

    } // end switch ($HTTP_POST_VARS['wishlist_action'])
  } // end isset($HTTP_POST_VARS)
// *****************************************
// Wish List 2.3 End

// include the who's online functions



I also suspect the products_info.php and wishlist.php pages may also have code that needs patching, but I get the feeling the problem is in this page.

As always, upon fixing/testing this problem, I will post a TXT file to the WISHLIST 2.0 contribution so anyone else with this problem can fix it next time around.

Thanks in advance

Edited by canary100, 27 November 2004, 13:40.


#85 CMOTD

  • Community Member
  • 433 posts
  • Real Name:Richard Bentley

Posted 27 November 2004, 15:19

   case 'buy_now' :        if (isset($HTTP_GET_VARS['products_id'])) {
        link_get_variable('customer_id'); 
        link_get_variable('products_id'); 
                                // Wish List 2.3 Start
                                if (tep_session_is_registered('customer_id')) {
I would suggest that your fix here is not correct. The line...

if (tep_session_is_registered('customer_id'))

...suggests that this is a session variable. Using the function link_get_variable, you are associating it with a $_GET variable. Without further investigation, I can't be sure, but I would guess that what you have done is not actually correct.

As for any other problems you have, no idea !

Rich.
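To make Rich's point concrete, here is an added illustration that is not code from the patch, the Wish List contribution or osCommerce. It assumes `link_get_variable($name)` simply copies `$_GET[$name]` into the global `$name` (the behaviour the thread attributes to it), and it builds only the WHERE clause the `buy_now` case would run, so nothing touches a database.

```php
<?php
// Added example: stand-in for the patch's helper, NOT the real link_get_variable().
// Assumed behaviour: copy one named GET parameter into the global of the same
// name, i.e. re-create register_globals for that single variable.
function link_get_variable($name) {
    if (isset($_GET[$name])) {
        $GLOBALS[$name] = $_GET[$name];
    }
}

// Names osCommerce keeps in the session. They must never be linked from the
// request, because the request would then replace the session's copy.
// (Only customer_id is taken from this thread; extend for your own install.)
const SESSION_ONLY = ['customer_id'];

// Hardened variant of the helper: same job, but refuses session-scoped names.
function link_get_variable_checked($name) {
    if (in_array($name, SESSION_ONLY, true)) {
        error_log("refusing to link session variable '$name' from \$_GET");
        return false;
    }
    if (isset($_GET[$name])) {
        $GLOBALS[$name] = $_GET[$name];
        return true;
    }
    return false;
}

// The WHERE clause shared by the two 'delete from ... wishlist' queries in
// the buy_now case. The original interpolates the variables unquoted; the
// (int) casts here keep a non-numeric value from ever reaching the query text.
function wishlist_delete_where($customer_id, $products_id) {
    return 'WHERE customers_id=' . (int)$customer_id
         . ' AND products_id=' . (int)$products_id;
}

// Simulates the start of the buy_now case with a chosen linking helper.
// With the patch, $customer_id is already mapped into global scope from the
// session; that is what tep_session_is_registered('customer_id') relies on.
function run_buy_now(callable $link) {
    $GLOBALS['customer_id'] = $_SESSION['customer_id'];
    $GLOBALS['products_id'] = null;
    $link('customer_id');   // the disputed line from the posted fix
    $link('products_id');
    return wishlist_delete_where($GLOBALS['customer_id'], $GLOBALS['products_id']);
}

// Constructed request: the session belongs to customer 42; the query string
// carries products_id=7 plus a customer_id parameter whose name collides with
// the session variable (a stale link or a hand-edited URL would do this).
$_SESSION = ['customer_id' => 42];
$_GET     = ['action' => 'buy_now', 'products_id' => '7', 'customer_id' => '99'];

$linked  = run_buy_now('link_get_variable');
$checked = run_buy_now('link_get_variable_checked');
printf("linked:  %s\nchecked: %s\n", $linked, $checked);
```

With the stand-in helper the first clause deletes for customers_id 99, the value the request supplied; with the checked helper it keeps the session's 42. The fix for the SQL error was to make `$products_id` defined, which linking it from `$_GET` does; `$customer_id` should come from the session alone.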

#86 canary100

  • Community Member
  • 32 posts
  • Real Name:Luis

Posted 27 November 2004, 20:40

CMOTD, on Nov 27 2004, 03:19 PM, said:

   case 'buy_now' :        if (isset($HTTP_GET_VARS['products_id'])) {
        link_get_variable('customer_id'); 
        link_get_variable('products_id'); 
                                // Wish List 2.3 Start
                                if (tep_session_is_registered('customer_id')) {
I would suggest that your fix here is not correct. The line...

if (tep_session_is_registered('customer_id'))

...suggests that this is a session variable. Using the function link_get_variable, you are associating it with a $_GET variable. Without further investigation, I can't be sure, but I would guess that what you have done is not actually correct.

As for any other problems you have, no idea !

Rich.



Thanks CM. I knew at one point my luck would run out. As for "my fix" being wrong, well, not to argue back, but I have tested it quite a few times, and it seems to work just fine..but then again, what do I know...I am just an idiot savant...

Thanks man.

#87 fr33dom

  • Community Member
  • 1 posts
  • Real Name:Michael Kelly

Posted 01 December 2004, 04:27

Richard :: dood,

Just like to say on 01/10/2004 I completed a successful install of your patch - you're a good man!

:D

cheers
freedom

#88 Dragonmom

  • Community Member
  • 367 posts
  • Real Name:Shawn
  • Location:Chicago

Posted 11 December 2004, 07:30

I am installing a test OSC site on my home computer, using Mac's handy-dandy preloaded Apache server environment. I figured: why not leave register_globals off, use the patch, and be safer when I go live?
But there are no modules showing when I click on that list: not payment, shipping, nor order totals.
Admin side says that the images directory is not writable, and that my category images do not exist.
And take a look at this message. I get it when I edit a product, or add a new product, page
admin/categories.php?cPath=0_99&pID=135&action=new_product_preview;

Quote

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
How about that- an unknown file!
I am terrible at coding as it is!
any clues here to a smarter eye than mine?

Edited by Dragonmom, 11 December 2004, 07:35.

psst... wanna buy a wand?

#89 CMOTD

  • Community Member
  • 433 posts
  • Real Name:Richard Bentley

Posted 12 December 2004, 15:14

Quote

Admin side says that the images directory is not writable, and that my category images do not exist.
In that case, the images directory probably ISN'T writable ! As it is also complaining that you have no image files, it sounds like the image path is not correctly set up. This has nothing at all to do with this contribution; it's a basic installation config issue which has probably been brought up on these forums at least a hundred times in the past year (along with the two or three other basic things that seem to crop up every other day because no one bothers to search the bloody forums before posting).

Quote

Warning: Unknown(): Your script possibly relies on a session side-effect....
You haven't read the contribution's installation instructions have you ? I thought the "PLEASE Read this - it will save you a lot of grief !" comment at the top of the README file might have given you a clue. Clearly not ! I despair..... What's the bloody point ?!

Quote

I am terrible at coding....
You're not too hot at reading instructions either !

Rich

ps - If you think I'm being rude, tough - I am ! I have a reputation to keep !

#90 Dragonmom

  • Community Member
  • 367 posts
  • Real Name:Shawn
  • Location:Chicago

Posted 12 December 2004, 17:33

Whew, I deserved that :wacko:
I obviously skipped right over the crucial portion of your read-me. You explain the problem and the solution meticulously, and I am ashamed of myself.
As far as the config files, they look correct, I've loaded OSC six or seven times now, but I am going to look over them with a magnifying glass, because I think you are right about that too.
Note to myself- From now on- get enough sleep!
psst... wanna buy a wand?

#91 jls

  • Community Member
  • 16 posts
  • Real Name:Jason S

Posted 24 December 2004, 20:11

dyland, on Jul 10 2004, 05:26 PM, said:

I moved a site from a Unix platform to a Windows platform and had a lot of issues, not least was this register globals problem. Anyway used this contrib and it helped in the fix.

A couple of issues I had (and fixed) on a Windows box:
1 - a partial page was displaying or the page was redirecting constantly. Only an issue on Internet Explorer and not Mozilla. The cause was buffering but I couldn't fix it until I found if I turned off gzip support it stopped the HTTP compression and this issue went away. (do this through the admin screens)

2 - Problem with backups and uploading images. Still working on this. My theory is the site is running as a user id that doesn't have write permission on the directories in question.

3 - There appears to be a bug in the admin patch labeled 030740. The problem was the admin security wasn't working and access to /admin/index.php (amongst others) was possible without logging in.

The code in /admin/includes/functions/general.php had to be modified as follows:
// Redirect to another page or site
  function tep_redirect($url) {
//-----Comment this line out ---> return stristr($_SERVER['HTTP_USER_AGENT'], $url);   
//global $logger;

    header('Location: ' . $url);

    if (STORE_PAGE_PARSE_TIME == 'true') {
      if (!is_object($logger)) $logger = new logger;
      $logger->timer_stop();
    }

    exit;
  }

4 - I have a ton of contribs loaded and had to go to the less strict version of the sessions mapping code.

5 - I was getting warning messages about using a side effect from earlier versions of PHP. I used the '@' to suppress warnings in the following code (in /includes/functions/sessions.php )
    if (PHP_VERSION >= '4.0.4') {
      return @session_write_close();
    } elseif (function_exists('session_close')) {
      return session_close();
    }

Dylan



Did you have any problems with the visitor's IP address not showing up when you switched to a Windows box? I have my site on a windows box and the IP address of visitors is not showing in Who's Online, and was wondering if it was something to do with this.

Thanks,

Jason

#92 Ethan1701

  • Community Member
  • 173 posts
  • Real Name:Ethan
  • Location:Israel

Posted 28 December 2004, 23:10

Hi,
I just installed this contribution, and it went perfectly! I'm relieved, grateful, and rather surprised that the default for osCommerce is globals = on. It's so simple to deactivate them.

Thanks a million to all those who worked on this!

-Ethan

#93 CMOTD

  • Community Member
  • 433 posts
  • Real Name:Richard Bentley

Posted 29 December 2004, 18:25

Ethan1701, on Dec 28 2004, 11:10 PM, said:

...and rather surprised that the default for osCommerce is globals = on...
Quite.

I was fairly staggered that no one had patched this long before I came to use osc.

And as I wasn't exactly happy with the thought of having register globals enabled (HUGE understatement), I figured someone ought to do something about it.... :-)

Rich

#94 Sleeping

  • Community Member
  • 20 posts
  • Real Name:Fred

Posted 04 January 2005, 16:09

The README file states that :

Quote

In fact, if you use this patch, you MUST disable the 'register_globals' option. if you do not, things will go horribly wrong !

I patched my version on a test server that still has register_globals set to on, and I didn't see any error or warning messages, and so far, my tests *seem* to be fine.

What kind of trouble am I to expect by using this on a server that still has register_globals ?

Thanks.
After three days without programming, life becomes meaningless.
-- The Tao of Programming

#95 CMOTD

  • Community Member
  • 433 posts
  • Real Name:Richard Bentley

Posted 05 January 2005, 17:52

Sleeping, on Jan 4 2005, 04:09 PM, said:

The README file states that :
I patched my version on a test server that still has register_globals set to on, and I didn't see any error or warning messages, and so far, my tests *seem* to be fine.

What kind of trouble am I to expect by using this on a server that still has register_globals ?

Thanks.


You won't get any kind of error message displayed.

Having this patch installed and register globals enabled _can_ cause the session variables to screw up though. This is because of the way the session variables are mapped into the global variable space to allow OSC to still work. Sorry - I should have explained this in the docs.

If you find you don't have a problem, then fine - I might be wrong (but I don't think I am). I still wouldn't do it though ! - having register globals still enabled will prevent the major benefit (and whole point !) of the patch - that of preventing variable injection into the running code.

Rich.

Edited by CMOTD, 05 January 2005, 17:55.


#96 Sleeping

  • Community Member
  • 20 posts
  • Real Name:Fred

Posted 06 January 2005, 21:56

CMOTD, on Jan 5 2005, 01:52 PM, said:

I still wouldn't do it though ! - having register globals still enabled will prevent the major benefit (and whole point !) of the patch - that of preventing variable injection into the running code.


I totally agree with the point that patching and leaving register_globals is ridiculous. However, in the situation I am in, it kinda makes sense (with some modifications to the patch).

The company I work for doesn't own the server on which the website is hosted, we don't administer it, we have no power when it comes to decisions (basically, it's a host). Until now, the host has left register_globals on, but I know they will turn it off eventually (they tried it in the past and received loads of complaints, so they turned it back on). They probably won't warn when they will switch it off again, so I have to be prepared.

What I did to workaround the patch+register_globals=on possible problems is put every part of the patch in if(ini_get('register_globals') == '1') { original_code } else { patch } blocks. I'm aware that it probably has an effect on performance, but we only have about 20 visitors per day anyway, so it doesn't matter.

Thanks.
After three days without programming, life becomes meaningless.
-- The Tao of Programming
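An added sketch of the dual-path guard Sleeping describes (not Sleeping's own modification or the patch's code), using `customer_id` as the variable that differs between the two branches. It assumes the patch reads session data explicitly from `$_SESSION` while the original code relies on PHP having registered `$customer_id` globally.

```php
<?php
// Added example of the if(ini_get('register_globals')) { original } else { patch }
// pattern from the post above. Not the patch's code.

// ini_get() returns the raw php.ini string: "1" when the directive was set On,
// "" when Off, and false when the directive does not exist at all (PHP 5.4
// removed register_globals entirely, so there the answer is always "off").
function register_globals_enabled() {
    $raw = ini_get('register_globals');
    if ($raw === false) {
        return false;
    }
    // Tolerate spellings that may reach ini_get() unnormalised ("on", "yes", "true").
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// One guarded block. With globals on, the original code expects PHP to have
// registered $customer_id from the session; with them off, the patch's branch
// reads the session explicitly. Only one branch ever runs on a given server.
function current_customer_id() {
    if (register_globals_enabled()) {
        global $customer_id;                 // original_code branch
        return isset($customer_id) ? (int)$customer_id : 0;
    }
    return isset($_SESSION['customer_id'])   // patch branch
        ? (int)$_SESSION['customer_id'] : 0;
}

// Constructed session for a local run: whichever branch is active on this
// PHP build, the function must answer the same customer.
$_SESSION = ['customer_id' => 42];
$customer_id = 42;   // what register_globals would have registered
printf("register_globals %s, customer %d\n",
       register_globals_enabled() ? 'on' : 'off', current_customer_id());
```

The host's switch from On to Off is exactly the event this guards against, so the patch branch is the one to exercise on the test server before it happens; on PHP 5.4 or later the original branch is dead code and the wrapper can go.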

#97 Paulz

  • Community Member
  • 90 posts
  • Real Name:Paul
  • Location:UK

Posted 09 January 2005, 11:31

I'm currently reloading my site on a new server and I've got the Register globals problem. My version of OSC is 2.2-MS1; will this contribution work with it? Anyone had any success with 2.2-MS1 or are there any alternative options?

Thanks

#98 exitbuy

  • Community Member
  • 48 posts
  • Real Name:ExitBuy
  • Location:Bangalore

Posted 10 January 2005, 02:52

I Have A Problem With The Script

My Home Page Gives The Error Message

Fatal error: Cannot redeclare tep_session_recreate() (previously declared in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php:178) in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php on line 222

My Home Page URL is www.exitbuy.com/shop

What Can I Do To Fix It

Regards,
Satish Kumar
ExitBuy.Com

#99 exitbuy

  • Community Member
  • 48 posts
  • Real Name:ExitBuy
  • Location:Bangalore

Posted 10 January 2005, 03:36

Hi, I Have A Problem With Your Script


Fatal error: Cannot redeclare tep_session_recreate() (previously declared in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php:178) in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php on line 222

My Home Page URL is www.exitbuy.com/shop

Can You Tell Me How I Can Fix It

Regards,
Satish Kumar

#100 drewk04

  • Community Member
  • 1 posts
  • Real Name:drew kennelly

Posted 10 January 2005, 05:58

Hi, I am new to php etc. and am having trouble editing the files, is there any way to get a copy of already edited files.

Thanks in advance

Drew