4

unsetglobals

unset_globals
SYNOPSIS

unset_globals()

DESCRIPTION

unset_globals clears a series of dangerous global variables set by PHP if the parameter register_globals is true. unset_globals is called very early by the bootstrap function.

NOTE: The Apache directive SetEnv REGISTER_GLOBALS 0 in .htaccess might be rejected and the call to init_set in settings.inc to set the PHP parameter register_globals to 0 might also be rejected.

CODE
  1. function unset_globals() {
  2.     if (ini_get('register_globals')) {
  3.         $allowed = array('_ENV', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_REQUEST', 'GLOBALS');
  4.         foreach ($GLOBALS as $key => $value) {
  5.             if (!in_array($key, $allowed)) {
  6.                 unset($GLOBALS[$key]);
  7.             }
  8.         }
  9.     }
  10. }
SEE ALSO

engine

Comments

To add a comment, click here.