From a security point of view, it’s not worth discussing the benefits and risks of using register_globals in PHP. It was just a matter of time the PHP team would completely remove this controversial feature. And so they did, register_globals had been deprecated as of PHP 5.3 and removed as of PHP 5.4.
Anyway, there are a few situations in which you would like to update to the latest PHP version (> 5.4) but not get lost of the register_globals feature – e.g. when you are not allowed to change the code of a script that requires register_globals = on or if it’s just too much (unpaid) work to find and edit all related code parts.
Assuming that you follow common security principles, this workaround will bring back register_globals functionality to PHP 5.4+:
- Create an empty file register_globals.php in your PHP include directory (e.g. /usr/share/php).
- Put this code into register_globals.php:
<?php extract($_REQUEST); ?>
- If you want to make more variables become global then simply add other global arrays, e.g.:
<?php extract($_REQUEST); extract($_SERVER); extract($_SESSION); ?>
- Add this directive to the end of your php.ini:
auto_prepend_file = 'register_globals.php'
- Restart Apache:
sudo /etc/init.d/apache2 restart
sudo apachectl restart
Thaks a lot bro, you have saved my life
bonjour, ne fonctionne pas chez moi, page blanche sur tous les sites.
Bonjour et merci,
Moi aussi, ne fonctionne pas chez moi, page blanche ;o(
This works for me!
I am using wamp server 3.0.6 and php 5.6.25.
Thank you very much man!