register_globals修复 [英] register_globals fix
问题描述
我有一个客户,他有一个网上商店,他想让我主持.该网站是由另一个开发人员编写的,并使用全局寄存器.
I have a client who has an online shop he would like me to host. The site was written by another develop and uses register globals.
当我将其上传到服务器时,它告诉我要求启用register_globals,我检查了.htaccess文件.当我问托管公司时,他们告诉我它已被弃用,无法在服务器上运行. 我不确定代码的哪些部分依赖于它,因为我没有仔细研究程序,我只是打算托管它.
When I uploaded it to my server it told me it required register_globals to be enabled, I checked the .htaccess file and it was. When I asked the hosting company they told me it had been dreprecated and wouldn't run on the server. I'm not sure what parts of the code are dependant on it as I've not looked into the progamming too closely, I was only intending to host it.
是否有快速解决方案,还是我必须将代码拆开并使用最新的替代方案进行修复?
Is there a quick fix or am I going to have to take the code apart and fix it with up to date alternatives?
推荐答案
如果代码使用全局寄存器,并且尚未更新为不使用它,则可能是很久以前编写的.这意味着:
If the code uses register globals, and hasn't been updated to not use it, then it was probably written a very long time ago. This means that:
- 几乎可以肯定有大量的安全漏洞;
- 它可能使用了已弃用和/或删除的其他PHP功能;
- 这可能是非常混乱的意大利面条代码,并且
- 重写以解决所有问题将是一个bit子.
我的建议是只找到一个现代的购物车软件包,并帮助他使用该软件包来建立自己的商店,而不是试图使他现有的古老软件继续运行.看起来可能需要做更多的工作,但从长远来看,对于所有参与其中的人来说,麻烦都将减少很多.
My advice is to just find a modern shopping cart software package and help him set up his shop using that instead of trying to keep his existing ancient piece of software running. It may seem like more work, but it'll be a lot less hassle in the long run for everyone involved.
如果您必须修正他现有的代码(即,如果他求您并愿意为您付出很多工作的报酬),那么以下是处理注册全局变量的方法:
If you must fix up his existing code (ie if he begs you and offers to pay you a lot for the work), here's how to deal with register globals:
Register globals接受输入到POST或GET参数中的所有变量,并在全局命名空间中将它们创建为简单变量.因此,您只得到$id而不是$_GET['id'].
Register globals takes all the variables entered into the POST or GET arguments, and creates them as simple variables in the global namespace. So instead of $_GET['id'], you just get $id.
如果程序的编写和记录合理,可能很难看到它所期望的变量.在这种情况下,不难为相关变量指定$_REQUEST;工作完成.
If the program is reasonably well written and documented, it may not be too hard to see what variables it is expecting. In that case, it's not to hard to sustitute $_REQUEST for the relevant variables; job done.
但是很多(嗯,大多数)旧的PHP代码只是抛出了全局变量而没有引起太多关注.包含大量内容,其中数百行代码没有在站点中添加function()声明,并且交织在一起的PHP和HTML代码(可能还包含一些生成Javascript脚本),您通常会遇到一个混乱的局面,除了原始作者(有时甚至没有).
But a lot of (uh, most) old PHP code just throws global variables around without paying much attention to them. Throw in a bunch of includes, hundreds of lines of code without a function() declaration in site, and interwoven PHP and HTML code, possibly with some generate Javascript thrown in, and you often have a mess that is completely impenetrable to anyone except the original author (and sometimes not even them).
如果代码看起来像这样,您将是一个非常勇敢的人尝试对其进行修复.您应该只接受它是不可挽救的,然后走开.过去,我曾从事过一些工作,要求我修复这样的旧代码,并相信我,您可以花数月(甚至数年)的时间才能开始工作.在这种时间范围内,您可能还应该从头开始编写一个全新的系统.
If the code looks like this, you will be a very brave man to attempt to repair it. You should just accept that it is unsalvageable, and walk away. I have had jobs in the past where I've been required to fix up old code like this, and trust me, you can sink months (or even years) of time into it before you start getting somewhere. In that kind of time scale, you might as well have written a whole new system from scratch.
这篇关于register_globals修复的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
