Yeah.
$HTTP_SESSION_VARS is deprecated and should only be used on old versions of php. (pre 4.06) So it seems you're going back in time here...
That and many others were changed when PHP grew up a little.
There were bad security holes and they changed the globals to correct it.
I had a similar problem with legacy code a few months back.
http://www.tfproject.org/tfp/showthr...&highlight=php
Quote:
|
Originally Posted by WillyPete
F#ckit! GRRRRRRRRRRR!
Note to people new to PHP and having to take care of older code:
You need to turn Register_globals in php.ini to 'on' for older coded variables to work.
Either that or the more secure way of rewriting the variable to meet secure standards of taking script variables in from the URL line. ( $_GET )
|
Following my advice, if you turn the on you will pretty much set the php security to pre v4 levels.
Here's what I ended up having to do. Using $_GET, instead of some basic variables.
($preset was just another variable that was used to pull stuff from the URL - queries were passed in the url.)
Compare this: (PHPv5)
PHP Code:
if ($preset)
{if (file_exists ($presetsdir.$preset.".preset"))
{include ($presetsdir.$preset.".preset");
}
else
{$t="no such preset";
}
}
To this: (PHPv3)
PHP Code:
if(!isset($_GET['preset'])){$preset = "";}
else{$preset = $_GET['preset'];}
if ($preset)
{if (file_exists ($presetsdir.$preset.".preset"))
{include ($presetsdir.$preset.".preset");}
else
{$t="no such preset";}
}
Also, have a look at these:
http://us4.php.net/manual/en/functio...n-register.php
Quote:
|
If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().
|
http://www.mcs.vuw.ac.nz/technical/s...ef.session.htm
Quote:
Note: As of PHP 4.1.0, $_SESSION is available as global variable just like $_POST, $_GET, $_REQUEST and so on. Not like $HTTP_SESSION_VARS, $_SESSION is always global. Therefore, global should not be used for $_SESSION.
If track_vars is enabled and register_globals is disabled, only members of the global associative array $HTTP_SESSION_VARS can be registered as session variables. The restored session variables will only be available in the array $HTTP_SESSION_VARS
|
http://www.alexking.org/blog/2003/10...p-superglobal/
Quote:
I’m using the $_SESSION superglobal in my multi-user tasks development instead of the older $HTTP_SESSION_VARS superglobal. To keep backward compatability, I was creating a $_SESSION variable if one didn’t already exist and just setting it to $HTTP_SESSION_VARS. This way, I could just always look for the $_SESSION variable and still be compatible with older versions of PHP.
If you are running a version of PHP that doesn’t have the $_SESSION variable, I need to declare the $_SESSION variable I created as a global variable within a function if I want to reference the data in the $_SESSION. If I declare the $_SESSION variable as global in a version of PHP that already has the $_SESSION variable, I break it.
One solution would be to write my own code for putting and retrieving data into sessions. I could wrap everything and talk to either the $_SESSION or $HTTP_SESSION_VARS as needed. I’d also have to do this for the $_REQUEST variable and others. This would be a lot of extra code. Actually, I bet I’ve already broken this somewhere. Turning on globals is not an option.
|
And finally, a page where someone actually writes a walkthrough of the same issue:
http://www.phpbuilder.com/tips/item....6&print_mode=1