5.5.15

Miscellaneous Questions

There can be some questions we can't put into other categories. Here you can find them.

How can I handle the bz2 compressed manuals on Windows?

If you don't have an archiver-tool to handle bz2 files » download the command line tool from Redhat (please find further information below).

If you would not like to use a command line tool, you can try free tools like » Stuffit Expander, » UltimateZip, » 7-Zip, or » Quick Zip. If you have tools like » WinRAR or » Power Archiver, you can easily decompress the bz2 files with it. If you use Total Commander (formerly Windows Commander), a bz2 plugin for that program is available freely from the » Total Commander site.

The bzip2 command line tool from Redhat:

Win2k Sp2 users grab the latest version 1.0.2, all other Windows user should grab version 1.00. After downloading rename the executable to bzip2.exe. For convenience put it into a directory in your path, e.g. C:\Windows where C represents your Windows installation drive.

Note: lang stands for your language and x for the desired format, e.g.: pdf. To uncompress the php_manual_lang.x.bz2 follow these simple instructions:

  • open a command prompt window
  • cd to the folder where you stored the downloaded php_manual_lang.x.bz2
  • invoke bzip2 -d php_manual_lang.x.bz2, extracting php_manual_lang.x in the same folder

In case you downloaded the php_manual_lang.tar.bz2 with many html-files in it, the procedure is the same. The only difference is that you got a file php_manual_lang.tar. The tar format is known to be treated with most common archivers on Windows like e.g. » WinZip.

What does & beside argument mean in function declaration of e.g. asort()?

It means that the argument is passed by reference and the function will likely modify it corresponding to the documentation. You can pass only variables this way and you don't need to pass them with & in function call (it's even deprecated).

How do I deal with register_globals?

For information about the security implications of register_globals, read the security chapter on Using register_globals.

It's preferred to use superglobals, rather than relying upon register_globals being on.

If you are on a shared host with register_globals turned off and need to use some legacy applications, which require this option to be turned on, or you are on some hosting server, where this feature is turned on, but you would like to eliminate security risks, you might need to emulate the opposite setting with PHP. It is always a good idea to first ask if it would be possible to change the option somehow in PHP's configuration, but if it is not possible, then you can use these compatibility snippets.

Example #1 Emulating Register Globals

This will emulate register_globals On. If you altered your variables_order directive, consider changing the $superglobals accordingly.

<?php
// Emulate register_globals on
if (!ini_get('register_globals')) {
    
$superglobals = array($_SERVER$_ENV,
        
$_FILES$_COOKIE$_POST$_GET);
    if (isset(
$_SESSION)) {
        
array_unshift($superglobals$_SESSION);
    }
    foreach (
$superglobals as $superglobal) {
        
extract($superglobalEXTR_SKIP);
    }
}
?>

This will emulate register_globals Off. Keep in mind, that this code should be called at the very beginning of your script, or after session_start() if you use it to start your session.

<?php
// Emulate register_globals off
function unregister_GLOBALS()
{
    if (!
ini_get('register_globals')) {
        return;
    }

    
// Might want to change this perhaps to a nicer error
    
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        die(
'GLOBALS overwrite attempt detected');
    }

    
// Variables that shouldn't be unset
    
$noUnset = array('GLOBALS',  '_GET',
                     
'_POST',    '_COOKIE',
                     
'_REQUEST''_SERVER',
                     
'_ENV',     '_FILES');

    
$input array_merge($_GET,    $_POST,
                         
$_COOKIE$_SERVER,
                         
$_ENV,    $_FILES,
                         isset(
$_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    
    foreach (
$input as $k => $v) {
        if (!
in_array($k$noUnset) && isset($GLOBALS[$k])) {
            unset(
$GLOBALS[$k]);
        }
    }
}

unregister_GLOBALS();

?>

add a note add a note

User Contributed Notes 3 notes

up
1
doerr at apkk dot de
3 years ago
If you only needed register_globals for get/post variables, the effictive solution for 5.3 is:
  import_request_variables("GPC", "");

But if the skripts relied on session_register() you'll have to do more:
- Replace all variables that appeared after session_register with _SESSION equivalents - so $myvar becomes $_SESSION['myvar']
- Take care if your variables appeared inside strings - 'Hello $user !' works, but 'Hello $_SESSION['user'] !' not - so you have to concatenate the string: 'Hello '.$_SESSION['user'] .' !'
- Session variables in function declarations (for whatever purpose) will not work - keeping the old (local) names will work in most cases.
- Finally, replace the session_register(..) line with session_start()
up
1
php at REMOVEMEkennel17 dot co dot uk
9 years ago
Regarding simulating register_globals = off, note that it is impossible to adequately prevent $_SESSION variables from being globalised, as the array (and thus the globals) are created on a call to session_start().  You would therefore have to 'undo' this when you start a session as using it at the start of your script will have no effect.

To avoid potential problems, use a prefix that is unique for all session variables (e.g. 'SESS_'), and only access them via the $_SESSION array.  The prefix ensures that you don't have a naming clash (and therefore a security risk) with any non-session globals.
up
0
markus
9 years ago
Considering the comment below. I think there's a way to avoid that "problem":

<?php
//
// $starttime is an example of a variable that we might need to define,
// even before, running the "register_globals OFF" emulator below.
//
list($msec, $sec) = explode(' ', microtime());
$starttime = ((float)$msec + (float)$sec);

//
// If register_globals is ON, ensure no unexpected globals are defined.
// ie. We'll try to emulate a register_globals OFF environment.
//
if( (bool)@ini_get('register_globals') )
{
   
$superglobals = array($_ENV, $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
    if( isset(
$_SESSION) )
    {
       
array_unshift($superglobals, $_SESSION);
    }
   
$knownglobals = array(
       
//
        // Known PHP Reserved globals and superglobals:
        //
       
'_ENV',        'HTTP_ENV_VARS',
       
'_GET',        'HTTP_GET_VARS',
       
'_POST',    'HTTP_POST_VARS',
       
'_COOKIE',    'HTTP_COOKIE_VARS',
       
'_FILES',    'HTTP_FILES_VARS',
       
'_SERVER',    'HTTP_SERVER_VARS',
       
'_SESSION',    'HTTP_SESSION_VARS',
       
'_REQUEST',

       
//
        // Global variables used by this code snippet:
        //
       
'superglobals',
       
'knownglobals',
       
'superglobal',
       
'global',
       
'void',

       
//
        // Known global variables defined before this code snippet is reached.
        //
       
'starttime',
    );
    foreach(
$superglobals as $superglobal )
    {
        foreach(
$superglobal as $global => $void )
        {
            if( !
in_array($global, $knownglobals) )
            {
                unset(
$GLOBALS[$global]);
            }
        }
    }
}
?>

Note the stuff related to the $_SESSION array depends on whether the PHP session has been started or not. You might want to call session_start() before this point (or set session.auto_start ON).

HTH+ :)
To Top