Disabling register_globals .... but I can't get it to work

Post here general discussions about osCommerce installation and configuration problems

Moderator: mod Generali

Darkan
Junior member
Posts: 18
Joined: 27/08/2006, 11:57
Location: Verona

Disabling register_globals .... but I can't get it to work

Post by Darkan »

Hi

My host tells me to set register_globals to off, but even after downloading the various guides I can't get it to work ....

The file says:
In both includes/functions/session.php files, replace the link_session_variable function with the following code:

function link_session_variable($var_name, $map)
{
  if ($map)
  {
    // Map global to session variable. If the global variable is already set to some value
    // then its value overwrites the session variable. I **THINK** this is correct behaviour
    if (array_key_exists($var_name,$GLOBALS)) {
      $_SESSION[$var_name] =& $GLOBALS[$var_name];
    } else {
      $GLOBALS[$var_name] =& $_SESSION[$var_name];
    }
  }
  else
  {
    // Unmap global from session variable. Note that the global variable keeps the value of
    // the session variable. This should be unnecessary but it reflects the same behaviour
    // as having register_globals enabled, so in case the OSC code assumes this behaviour,
    // it is reproduced here
    $nothing = 0;
    $GLOBALS[$var_name] =& $nothing;
    unset($GLOBALS[$var_name]);
    $GLOBALS[$var_name] = $_SESSION[$var_name];
  }
}

4. In the same files, replace the tep_session_is_registered function with the following code:

function tep_session_is_registered($variable) {
  // >>> BEGIN REGISTER_GLOBALS
  // return session_is_registered($variable);
  return array_key_exists($variable,$_SESSION);
  // <<< END REGISTER_GLOBALS
}
But my session.php file looks like this:
<?php
/*
  $Id: sessions.php,v 1.19 2003/07/02 22:10:34 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
      $SESS_LIFE = 1440;
    }

    function _sess_open($save_path, $session_name) {
      return true;
    }

    function _sess_close() {
      return true;
    }

    function _sess_read($key) {
      $value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
      $value = tep_db_fetch_array($value_query);

      if (isset($value['value'])) {
        return $value['value'];
      }

      return false;
    }

    function _sess_write($key, $val) {
      global $SESS_LIFE;

      $expiry = time() + $SESS_LIFE;
      $value = $val;

      $check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
      $check = tep_db_fetch_array($check_query);

      if ($check['total'] > 0) {
        return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
      } else {
        return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
      }
    }

    function _sess_destroy($key) {
      return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
    }

    function _sess_gc($maxlifetime) {
      tep_db_query("delete from " . TABLE_SESSIONS . " where expiry < '" . time() . "'");

      return true;
    }

    session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
  }

  function tep_session_start() {
    return session_start();
  }

  function tep_session_register($variable) {
    global $session_started;

    if ($session_started == true) {
      return session_register($variable);
    } else {
      return false;
    }
  }

  function tep_session_is_registered($variable) {
    return session_is_registered($variable);
  }

  function tep_session_unregister($variable) {
    return session_unregister($variable);
  }

  function tep_session_id($sessid = '') {
    if (!empty($sessid)) {
      return session_id($sessid);
    } else {
      return session_id();
    }
  }

  function tep_session_name($name = '') {
    if (!empty($name)) {
      return session_name($name);
    } else {
      return session_name();
    }
  }

  function tep_session_close() {
    if (PHP_VERSION >= '4.0.4') {
      return session_write_close();
    } elseif (function_exists('session_close')) {
      return session_close();
    }
  }

  function tep_session_destroy() {
    return session_destroy();
  }

  function tep_session_save_path($path = '') {
    if (!empty($path)) {
      return session_save_path($path);
    } else {
      return session_save_path();
    }
  }

  function tep_session_recreate() {
    if (PHP_VERSION >= 4.1) {
      $session_backup = $_SESSION;

      unset($_COOKIE[tep_session_name()]);

      tep_session_destroy();

      if (STORE_SESSIONS == 'mysql') {
        session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
      }

      tep_session_start();

      $_SESSION = $session_backup;
      unset($session_backup);
    }
  }
?>
feniva_hosting
Regular member
Posts: 162
Joined: 31/08/2005, 19:51

Post by feniva_hosting »

If you are on Linux hosting, create a .htaccess file in the root folder of your site.

Inside it, put this line:


php_flag register_globals Off

Bye!
HOSTING Feniva S.r.L.
Mail: domini [@] feniva [.] it
Help Desk (24h/24): 199-240049
Web: http://hosting.feniva.it - http://videosorveglianza.feniva.it
Professional Linux Hosting
VPS - Dedicated Servers
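
To confirm that the .htaccess line in the reply above actually took effect, a small check script can be placed in the site root and requested once. This is an added example, not part of the original thread or of osCommerce; the file name check_rg.php and the rg_probe parameter are hypothetical. php_flag is a mod_php directive, so the script also reports whether PHP is running as an Apache module.

```php
<?php
// check_rg.php (hypothetical name): added diagnostic, not osCommerce code.
// Request it as check_rg.php?rg_probe=1, read the report, then delete it.

header('Content-Type: text/plain');

// ini_get() returns the setting as a string ("1", "On", "", "0"), or false
// when the directive does not exist (it was removed in PHP 5.4).
function rg_setting_enabled($raw) {
  if ($raw === false) {
    return false;
  }
  return in_array(strtolower(trim($raw)), array('1', 'on', 'true', 'yes'));
}

$raw  = ini_get('register_globals');
$sapi = php_sapi_name();

// SAPI names used when PHP is loaded as an Apache module (mod_php).
$is_apache_module = in_array($sapi, array('apache', 'apache2handler', 'apache2filter'));

echo "PHP version              : " . PHP_VERSION . "\n";
echo "SAPI                     : " . $sapi . "\n";
echo "Running as Apache module : " . ($is_apache_module ? 'yes' : 'no') . "\n";
echo "register_globals (ini)   : " . (rg_setting_enabled($raw) ? 'On' : 'Off') . "\n";

// Functional probe: with register_globals on, the query parameter rg_probe
// is copied into the global scope, so it shows up as a key of $GLOBALS.
if (!isset($_GET['rg_probe'])) {
  echo "Probe skipped: request this file with ?rg_probe=1\n";
} elseif (isset($GLOBALS['rg_probe'])) {
  echo "Probe: request data IS reaching the global scope\n";
} else {
  echo "Probe: request data is not reaching the global scope\n";
}
```

If the report shows the setting still On, or PHP is not running as an Apache module, the value has to be changed in php.ini or by the host instead of in .htaccess.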