Explore Register_globals
Dedecms limits the Register_globals.
Because the Register_globals set control PHP variable access scope, if the opening will cause unnecessary security problems, so here it is forced to close, if the webmaster space does not support, you can use the following methods to modify, for the majority of webmaster reference:
* If the user of a standalone server can modify php.ini in the PHP configuration file, change the Register_globals=on to Register_globals=off, and then restart Apache.
* If the user is a virtual host, notify the space provider as much as possible to modify the configuration, or you can try Ini_set (' register_globals ', 0).
* You create a new. htaccess file in the site directory, plus php_flag register_globals off, if you already have a. htaccess file, add it directly to the last line;
* If not, then only the last way to go directly to include/common.inc.php the following code can be removed (not recommended).
There are many unsafe possibilities for opening register_globals, so it is mandatory to close register_globalsif (Ini_get (' register_globals ')) {exit (' php.ini Register_ Globals must is off! '); Starting with the PHP4.2.0 version, the settings option in php.ini register_globals the default value to OFF. So, it's best to start programming with the off style from now on!
The value of the register_globals can be set to: On or off, and we'll give you a piece of code to describe the differences individually.
Code:
Copy CodeThe code is as follows:
When the next program receives the Register_globals=off, it should use $_get[' user_name ' and $_get[' User_pass '] to accept the passed value. (Note: When
The problem with the above code is that you can easily get access to the right, without having to provide the correct username and password. Only add the last authorized=1 to the address bar of your browser. Because PHP automatically creates a variable for each committed value-whether it comes from a submitted form, a URL query string, or a cookie-which sets $authorized to 1, an unauthorized user can also break the security limit.
Register_globals=off website can't open the solution
Register_globals is a configuration in php.ini, this configuration affects how PHP receives the parameters passed over, as the name implies, register_globals means to register as a global variable, so when on, The value passed in is directly registered as a global variable, and off, we need to go to a specific array to get it. So, a friend of those who can't get the value above should first check to see if your register_globals's settings match the way you get the value. (view can be used phpinfo () function or directly view php.ini)
The purpose of Register_globals=off is primarily for security reasons, while most programs require that the value be set to OFF, what about a lot of scripts that were previously written in on style? If your previous script is well-planned, there is a public include file, such as config.inc.php file, in this file with the following code to simulate (this code does not guarantee that 100% can solve your problem, because I do not have a lot of tests, but I think the effect is good).
Code:
Copy CodeThe code is as follows:
if (!ini_get ("Register_globals"))
{
Extract ($_post);
Extract ($_get);
Extract ($_server);
Extract ($_files);
Extract ($_env);
Extract ($_cookie);
if (Isset ($_session))
{
Extract ($_session);
}
}
?>
Workarounds for PHP Undefined index and Undefined variable
$act =$_post[' act '];
Always prompt with the above code
notice:undefined index:act in F:\windsflybook\post.php on line 18
In addition, there are sometimes
Reference content
Notice:undefined Variable:submit ...
Wait for some of these tips
Cause: Because the variable is undefined
Workaround:
1) error_reporting Settings:
Find error_reporting = E_all
Modified to error_reporting = E_all & ~e_notice
2) register_globals settings:
Find register_globals = Off
Modified to Register_globals = On
Notice:undefined Variable:email in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
Notice:undefined Variable:subject in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
Notice:undefined variable:comment in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
........
PHP does not need to define variables, but what should be the case?
Just find php.ini in C:\WINDOWS.
302 lines in php.ini error_reporting = E_all
Modified into
error_reporting = e_all & ~e_notice and restart apache2.2.
Workaround: Modify PHP.ini
Will: error_reporting = E_all
Modified to: error_reporting = E_all & ~e_notice
If you don't want any errors to be displayed, modify them directly:
Display_errors = Off
If you do not have php.ini permission to modify, you can add it to the PHP header
Ini_set ("error_reporting", "E_all & ~e_notice");
Can
http://www.bkjia.com/PHPjc/325524.html www.bkjia.com true http://www.bkjia.com/PHPjc/325524.html techarticle in-depth understanding of the register_globals dedecms force limits the register_globals due to the Register_globals settings control PHP variable Access scope, if the open will cause unnecessary security problems, so this ...
