register_globals cannot be set by ini_set

[mancroft]

I realise that register_globals cannot be set by ini_set and saw somewhere that the code below is a way to block the register_globals security hole.

Am I correct and the code below will work, or is there a better way?

function cleanregisterglobals($keys) { 
    foreach (array_keys($keys) as $key) { 
      global $$key; 
      unset($$key); 
    } 
  } 

  cleanregisterglobals($_GET); 
  cleanregisterglobals($_POST); 
  cleanregisterglobals($_COOKIE); 
  cleanregisterglobals($_SERVER); 
  cleanregisterglobals($_ENV); 
  cleanregisterglobals($_FILES);

 

[sleipnir214]

Why go through all that trouble? $_GET, $_POST, etc are perfectly usable variables and have the advantages of being superglobal and preventing variable poisoning.

But if you think you must instantiate the elements of the supergloblals as singletons, I recommend you take a look at import_request_variables()



Want the best answers? Ask the best questions!

TANSTAAFL!!