[Phpmyadmin-devel] Let's break master?

Marc Delisle marc at infomarc.info
Mon Mar 5 00:48:29 CET 2012

On 2012-02-29 06:51, Marc Delisle wrote:
> On 2012-02-27 15:45, Michal Čihař wrote:
>> Hi
>> On Tue, 21 Feb 2012 08:18:45 -0500
>> Marc Delisle <marc at infomarc.info> wrote:
>>> When Michal talked about register globals, he meant that in
>>> grab_globals.lib.php, we take some variables from superglobals (except
>>> some that are in a blacklist) and make them globals, so that the other
>>> scripts can work with them.
>> Yes, basically this was introduced as a short-term hack before we get rid
>> of using globals. However, it stayed longer than everyone expected.
>>> In grab_globals.lib.php, we could output to a trace file the names of
>>> the variables that are globalized, then verify in the code where these
>>> global variables are used.
>> In pretty much everything we use $db/$table, so these would be obvious.
>>>>> Also, I suggest to get rid of $_REQUEST, because the origin of its
>>>>> contents is unclear. Ideally, at every place where we refer to
>>>>> $_REQUEST, a comment should explain the possible origin of the contents.
>>>> What do you suggest? Only to use $_POST or $_GET instead of $_REQUEST?
>>>> I don't see another way of getting the values of url variables.
>>> Yes; it could be $_COOKIE also, see
>>> http://www.php.net/manual/en/reserved.variables.request.php.
>> I'm not 100% confident about the need to differentiate between GET/POST,
>> however cookies should surely be treated differently (which I believe is
>> already the case).
> I have removed some lines from grab_globals.lib.php. I am currently
> testing the impact of removing the globalization of $_GET on
> server_privileges.php.

For master, globalization of $_GET is now commented out in the script.
I'll start experimenting with commenting out the code for $_POST. Anyone
can join the fun :)

Marc Delisle
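
An added sketch (not phpMyAdmin's code and not written by anyone in this thread) of the two ideas discussed above: tracing which names a blacklist-based globalizer would import and from which source, and reading a parameter from an explicitly named source instead of $_REQUEST. The function names, blacklist entries and sample request are assumptions constructed for illustration.

```php
<?php
// Added illustration; not phpMyAdmin code. All names here are hypothetical.

/**
 * Copy request variables into $target the way a blacklist-based globalizer
 * would, recording each name, its origin and whether it replaced a value.
 */
function trace_globalize(array $sources, array $blacklist, array &$target): array
{
    $trace = [];
    foreach ($sources as $origin => $vars) {
        foreach ($vars as $name => $value) {
            // Numeric keys and blacklisted names are never imported.
            if (!is_string($name) || in_array($name, $blacklist, true)) {
                $trace[] = ['name' => (string) $name, 'origin' => $origin, 'action' => 'blocked'];
                continue;
            }
            $action = array_key_exists($name, $target) ? 'overwrote' : 'created';
            $target[$name] = $value;
            $trace[] = ['name' => $name, 'origin' => $origin, 'action' => $action];
        }
    }
    return $trace;
}

/** Read one parameter from an explicitly named source instead of $_REQUEST. */
function param_from(array $source, string $name, ?string $default = null): ?string
{
    // Array values (e.g. ?db[]=x) are rejected rather than passed on.
    return isset($source[$name]) && is_string($source[$name]) ? $source[$name] : $default;
}

// Constructed sample request: the same key arrives by three routes.
$get    = ['db' => 'from_query_string', 'GLOBALS' => 'x'];
$post   = ['db' => 'from_form_body', 'table' => 'users'];
$cookie = ['db' => 'from_cookie'];

$scope = ['cfg' => 'set by the application before import'];
$trace = trace_globalize(['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie], ['GLOBALS', 'cfg'], $scope);

foreach ($trace as $t) {
    printf("%-9s %-7s %s\n", $t['action'], $t['origin'], $t['name']);
}
// After the import, $scope['db'] holds whichever source was processed last;
// the explicit read names its origin at the call site.
var_dump($scope['db'], param_from($post, 'db'));
```

The trace lines are the kind of record that could be written to a file and compared against where each name is actually used in the code.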
