正在注销全局变量? [英] Unregistering Globals?

问题描述

我很难理解此功能.我知道什么是register_globals，它已经从PHP中贬值了多长时间，但是我正在查看这段代码，我想知道其中的内容是什么?...

I'm having trouble understading this function. I know what register_globals is and how long it has been depreciated from PHP but I'm looking at this code and I'm like, what in the?...

<?php
    //Undo register_globals
    function unregister_globals() {
        if (ini_get(register_globals)) {
            $array = array('_REQUEST', '_SESSION', '_SERVER', '_ENV', '_FILES');
            foreach ($array as $value) {
                foreach ($GLOBALS[$value] as $key => $var) {
                    if ($var === $GLOBALS[$key]) {
                        unset($GLOBALS[$key]);
                    }
                }
            }
        }
    }
?>

我不了解的部分是这个...

The part in which I'm not understanding is this...

foreach ($array as $value) {
    foreach ($GLOBALS[$value] as $key => $var) {
        if ($var === $GLOBALS[$key]) {
            unset($GLOBALS[$key]);
         }
     }
 }

此foreach循环循环遍历我们定义的$ array中的每个值，然后内部的foreach循环从GLOBALS抓取一个超级全局数组，无论它是_REQUEST，_SESSION，_SERVER，_ENV，_FILES等...后记似乎条件变量正在检查$ var是否等于GLOBAL变量或不等于GLOBAL变量.如果是这样，我们将取消设置.

This foreach loop is cycling through each value in $array we defined then the inner foreach loop is grabbing a super global array from GLOBALS whether it is _REQUEST, _SESSION, _SERVER, _ENV, _FILES, etc... Afterwords it seems like the condional is checking to see if $var is equal to a GLOBAL variable or what not. If so then we'll unset it.

但是我仍然很难解决这个问题……

But I'm still having a major difficulty wrapping my head around this one...

更新 这是我正在尝试和调试的代码片段.如果register_globals处于打开状态，并且黑客不断闯入，将?auth = 1插入查询字符串，会发生什么情况?会从GLOBALS中删除auth还是将其回显?

UPDATE Here is the snippet of code I'm experimenting with and debugging. What happens if register_globals is on, and a hacker comes barreling along, inserts ?auth=1 into the query string? Will auth be deleted from GLOBALS or will it be echoed out?

if( true ) {
    $globals = array(
        '_COOKIE',
        '_GET',
        '_POST',
        '_REQUEST',
        '_SERVE',
        '_SESSION'
    );

    foreach($globals as $global) {
        foreach($GLOBALS[$global] as $k => $v) {
            /* $GLOBALS['_GET'] on the first loop; */
            /* IF WE SAY, $GLOBALS['app_dir'], WE GET THE VALUE */

            if( $v == $GLOBALS[$k] ) {
                echo "K=> " . $k . "<br />";
                echo "V => " . $v . "<br />";
                echo "GLOB => " . $GLOBALS[$k] . "<br />";
            }
        }
    }

            echo $authorized; // a intentional non-defined variable

    //print_r($GLOBALS);
}

感谢您的时间.

推荐答案

现在，我能够看到它的实际工作原理，现在我可以将其包裹住.本质上，如果用户使用的是PHP 5.3.0或更低版本，并且启用了"register_globals"，那么如果开发人员已经定义了变量，则黑客可以查询诸如"authorized"，"username"等通用变量名称来输入自己的值.

Now that I was able to see how this actually works, I was able to wrap my head around it. Essentially if users are using PHP 5.3.0 or below and 'register_globals' is enabled, hackers can query common variables names such as 'authorized', 'username', etc to feed in there own values if the variable was already defined by the developer.

示例:

if( is_authorized() ) {
    $auth = 1;
}

if( $auth ) {
    // do authorization code here!!!
} else {
    show_login();
}

您可以看到$ auth是常规定义的.如果黑客出现并尝试执行index.php?auth = 1或index.php?auth = true之类的操作，则PHP会将其注册为全局值，将在有条件的情况下对其进行检查，并且我们的黑客将可以访问到应用程序.

You can see $auth is condiotionally defined. If a hacker comes along and tries something like, index.php?auth=1 or index.php?auth=true then PHP will register that as a global value, it'll be checked in the conditional, and our hacker will have access to the application.

我发现...

foreach ($array as $value) {
    foreach ($GLOBALS[$value] as $key => $var) {
        if ($var === $GLOBALS[$key]) {
            unset($GLOBALS[$key]);
        }
    }
}

...实际上未设置这些值，并且黑客无法访问，但是，还有一个错误，正如我之前所想.我的框架中有两个全局变量，分别称为$ app_dir和$ sys_dir，它们指向两个重要的目录.如果黑客冒出来说index.php?app_dir = application& sys_dir = system之类的话，那么实际上它会从$ GLOBALS中取消设置那些全局变量.对于在PHP 5.3.0或更低版本上使用它的任何人，这都将在我的框架内部造成潜在危险.

... actually unsets these values and the hacker won't have access, however, there is also a bug as I previously thought. I have two globals in my framework called $app_dir and $sys_dir pointing to two important directories. If hackers come along and say something like index.php?app_dir=application&sys_dir=system then it'll actually unset those global variables from $GLOBALS. This calls for a potential danger inside of my framework for anyone using it on PHP 5.3.0 or below.

这基本上是如何工作的是条件检查，以查看$ var (我们的值，系统")是否等于$ GLOBAL ['sys_dir']内部的值.有人知道如何解决这个问题吗?

Basically how this works is the conditional checks to see if $var (our value, 'system') is equal to the same value as what's inside $GLOBAL['sys_dir']. Anyone know how to fix this?

这篇关于正在注销全局变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！