SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    590
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP 4.0.4pl1 --> 4.3.1 , any problems ?

    Hi,

    I'm looking at changing the web hosting for a client. Are there any problems to be aware of, or any 'gotchas' with moving from PHP version 4.0.4pl1 to 4.3.1 ?

    The other configuration changes are:

    Apache 1.3.22 ---> Apache 1.3.27
    Perl 5.6 ---> Perl 5.006001
    MySQL 3.23.54 ---> MySQL 4.0.12

    Thanks,

    Peter

  2. #2
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    register_globals is now off
    magic_quotes_gpc is now off

    those are the 2 big ones.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  3. #3
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    590
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Jeff,

    Quote Originally Posted by cyborg from dh
    register_globals is now off
    magic_quotes_gpc is now off
    I searched the website for both those strings , and found no occurances.

    Thanks,

    Peter

  4. #4
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    register_globals is an important configuration option in the php.ini see http://www.php.net/register_globals

  5. #5
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    590
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP 4.0.4pl1 --> 4.3.1 , any problems ?

    Hi,

    Thanks for the link. Looks like I had better do quite a bit of reading up on this. I did a phpinfo() and yes, it is set to ON now, with version 4.0.4pl1

    From the link, a small snippet:

    When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from html forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier.
    So, it would seem simply having it off in vers 4.3.1 is making the site/code more secure. Fortunately, we may have the opportunity to load all of the curret site to a 'test' site for a few weeks.

    Thanks,

    Peter

  6. #6
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, depending on how the script was written, it may not even depend on register_globals.

    If it does, there are a few things you can do to get around it, however if you wrote the script yourself, you may want to consider modifying it to not be dependant on register_globals.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  7. #7
    SitePoint Evangelist
    Join Date
    May 2003
    Posts
    590
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP 4.0.4pl1 --> 4.3.1 , any problems ?

    Hi,

    Quote Originally Posted by cyborg from dh
    Well, depending on how the script was written, it may not even depend on register_globals. If it does, there are a few things you can do to get around it, however if you wrote the script yourself, you may want to consider modifying it to not be dependant on register_globals.
    There is code like:

    PHP Code:
    global $SCRIPT_NAME$PATH_INFO
    so, I assume these are globals that work okay now, but will need to be treated differently in the newer version. Also, I seem to remember with PHP version 4.? , the _forced_ use of "$_" to prefix some variables was mandatory, like:

    PHP Code:
    if (isset(SESSION['username'])) { 
    had to become .......

    PHP Code:
    if (isset($_SESSION['username'])) { 
    That's only from memory though, it was _something_ like that.

    Thanks,

    Peter

  8. #8
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    no, function globals are still in PHP 4.3.1.

    as for $_SESSION, it was called $HTTP_SESSION_VARS in PHP < 4.1.0, however $HTTP_SESSION_VARS still works in 4.3.1.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •