The Register_globals of PHP security

One, register_globals = Off and register_globals = on difference

Register_globals is a configuration in the php.ini that affects how PHP receives the parameters that are passed over.

The value of the register_globals can be set to: On or off, and we'll give you a piece of code to describe the differences individually.

[PHP]View PlainCopy

2. <form action=' method=' get ' >
6. <input type=' text ' name=' username ' value=' Alex ' >
10. <input type= 'submit ' name=' sub ' value=' sub ' >
14. </form>
18. <?php
22. echo ' username:: ',$username;
26. Echo ' <br>sub:: ',$sub;
30. Echo ' <br>get:: ';
34. Print_r ($_get);
38. ?>

When register_globals = On, the program runs the commit output as:

[PHP]View PlainCopy

1. Username::alex
3. Sub::sub
5. Array ([username] = Alex [Sub] = sub)

When register_globals = Off, the program runs the commit output as:

[PHP]View PlainCopy

1. Username::
3. Sub::
5. Array ([username] = Alex [Sub] = sub)

The result of the test is obvious: Register_globals means registering as a global variable, so when on, the value passed in is directly registered as a global variable, and off, we need to go to a specific array to get it.

Second, why recommend register_globals = Off?

1.PHP 4.2.0 The default value of Register_globals in the start configuration file is changed from on to OFF, although you can set it to on, but when you can't control the server, your code compatibility becomes a big problem, so, You'd better start programming with the off style from now on.

2. When Register_globals is open, various variables are injected into the code, such as request variables from an HTML form. Plus, PHP doesn't have to be initialized before using variables, which makes it easier to write unsafe code. When opened, people do not know where the variable comes from when they use it, only to take it for granted. But Register_globals's shutdown has changed the way the code internal variables and the variables sent by the client are mixed together in a bad situation. Example Source Manual

[PHP]View PlainCopy

2. <?php
6. When the user is legal, assign the value
10. $authorized = True
16. if (Authenticated_user ()) {
20. $authorized =true;
24. }
30. Since the $authorized has not been initialized to false beforehand,
34. When Register_globals is open, the variable value may be defined by a get auth.php?authorized=1
38. So anyone can bypass the authentication
42. if ($authorized) {
46. Include"/highly/sensitive/data.php";
50. }
54. ?>

When register_globals = ON, the code above is dangerous. If it is off, $authorized can not be changed by means such as URL request, so much the better, although the initialization of variables is a good programming habit. For example, if you add $authorized = False before the above code executes, whether Register_globals is on or off, because the user state is initialized to unauthenticated.

Iii. What if you need to run some legacy programs on a shared host that has register_globals turned off and the program requires this option to open?

This example simulates register_globals on. If you change the Variables_order option in the configuration file, consider making the appropriate changes to the $superglobals.

[PHP]View PlainCopy

2. <?php//emulate Register_globals on
6. if (! Ini_get (' register_globals ')) {
10. $superglobals = Array ($_server,$_env,$_files,$_cookie,$_post,$_get);
14. if (Isset ($_session)) {
18. Array_unshift ($superglobals,$_session);
22. }
26. foreach ($superglobals as $superglobal) {
30. Extract ($superglobal, Extr_skip);
34. }
38. }
42. ?>

Iv. What should I do if I need to remove a security risk on some hosts that have the register_globals option turned on?

This example simulates register_globals Off. Remember that this code should be called at the very beginning of the script. If a session mechanism is used, it is called after Session_Start ().

[PHP]View PlainCopy

2. <?php//emulate register_globals off
6. Functionun register_globals () {
10. if (! Ini_get (' register_globals ')) {
14. Return
18. }
22. Might want to change this perhaps to a nicer error
26. if (Isset ($_request[' GLOBALS ')) | | isset ($_files[' GLOBALS ' )) {
30. Die (' GLOBALS overwrite attempt detected ');
34. }
38. Variables that shouldn ' t being unset
42. $noUnset = Array (' GLOBALS ',' _get ',' _post ',' _cookie ',' _request ',' _server ',' _env ',  ' _files ');
46. $input =Array_merge ($_get,$_post,$_cookie,$_server,$_env, $_files,isset($_ SESSION) &&is_array ($_session)?   $_session: Array ());
50. foreach ($input as $k = =$v) {
54. if (!in_array ($k,$noUnset) && isset ($GLOBALS [$k])) {
58. unset ($GLOBALS [$k]);
62. }
66. }
70. }
76. Unregister_globals ();
80. ?>

The Register_globals of PHP security