Tickets :: [#10062] /lib/core.php: register_globals check

6.0.0-alpha14

7/2/25

Summary	/lib/core.php: register_globals check
Queue	Horde Framework Packages
Queue Version	Git master
Type	Bug
State	Resolved
Priority	2. Medium
Owners	slusarz (at) horde (dot) org
Requester	alessandro.dellavedova (at) gmail (dot) com
Created	05/09/2011 (5168 days ago)
Due
Updated	05/11/2011 (5166 days ago)
Assigned	05/09/2011 (5168 days ago)
Resolved	05/11/2011 (5166 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

05/11/2011 06:41:37 AM	Michael Slusarz	Assigned to Michael Slusarz Taken from Horde Developers State ⇒ Resolved

05/11/2011 06:40:47 AM	Git Commit	Comment #8	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #10062~~: Workaround broken PHP servers returning Off for register_globals 1 files changed, 4 insertions(+), 2 deletions(-) http://git.horde.org/horde-git/-/commit/5fba617a376a816e29a6b34d71699b95642ed2e8

05/10/2011 08:52:45 AM	Jan Schneider	Comment #7	Reply to this comment
I really don't want to be parsing this value on every page load as a workaround. This shouldn't be problem at all. The expensive part (if at all) is calling ini_get(). Whether you test the result against one or two values doesn't matter.

05/10/2011 06:37:09 AM	alessandro (dot) dellavedova (at) gmail (dot) com	Comment #6	Reply to this comment
I really don't want to be parsing this value on every page load as a workaround. Since the PHP manual is clear that 0 is the expected value (notwithstanding what the comments say), I would rather report this as a broken PHP installation somewhere in the test scripts instead and then tell the user they should change their php.ini value from Off -> 0. Perfect, thank you for your time !

05/10/2011 06:10:53 AM	Michael Slusarz	Comment #5	Reply to this comment
I really don't want to be parsing this value on every page load as a workaround. Since the PHP manual is clear that 0 is the expected value (notwithstanding what the comments say), I would rather report this as a broken PHP installation somewhere in the test scripts instead and then tell the user they should change their php.ini value from Off -> 0.

05/09/2011 06:58:14 PM	alessandro (dot) dellavedova (at) gmail (dot) com	Comment #4	Reply to this comment
Though the comments on that page indicate that this is not true in all cases. Thank you for your detailed analysis, if this can be of any help I'm runnig Horde under the following environment: - FreeBSD 8.2 amd64; - PHP 5.3.6 with Suhosin-Patch, compiled from ports.

05/09/2011 05:09:05 PM	Jan Schneider	Comment #3 State ⇒ Assigned Assigned to Horde Developers	Reply to this comment
Though the comments on that page indicate that this is not true in all cases.

05/09/2011 05:06:42 PM	Jan Schneider	Comment #2 State ⇒ Not A Bug	Reply to this comment
This seems to be a bug in PHP then, or actually in your PHP, because no one else seems to have this problem. From http://php.net/ini_get: A boolean ini value of off will be returned as an empty string or "0" while a boolean ini value of on will be returned as "1".

05/09/2011 02:04:01 PM	alessandro (dot) dellavedova (at) gmail (dot) com	Comment #1 State ⇒ Unconfirmed Patch ⇒ No Milestone ⇒ Queue ⇒ Horde Framework Packages Summary ⇒ /lib/core.php: register_globals check Type ⇒ Bug Priority ⇒ 2. Medium	Reply to this comment
Dear Sirs, I'm using the very latest release of Horde Framework (4.0.2) under PHP 5.3.6 and this check inside /lib/core.php fails: if (ini_get('register_globals')) { exit('Register globals is enabled. Exiting.'); } I've put the following lines before the check and the register_globals in the php.ini is OFF (I double checked also via phpinfo): var_dump (ini_get('register_globals')); exit; The output is: string(3) "off" Am I missing something or maybe the check is expecting a numeric value instead of a string ? Thank you, Alessandro