PHP Files No Longer Work... Why?

kmattera

Hi everyone,

My comnpany hosts some websites and we have a client that has PHP files. Those files have been working fine according to the client up until 2 weeks ago when a new firewall was installed. Since then, anytime a PHP file is accessed, there is an error page that comes up.

Notice: Undefined variable: submit in D:\Inetpub\calendar\admin\index.php on line 5

I changed the php.ini file to make sure that Error Handling is set to
error_reporting = E_ALL & ~E_NOTICE

I was told by someone that it could be that the firewall is blocking GET or POST requests, but the Engineer says that its not.

Does anyone have any ideas what the problem might be since the code has not changed? I truly believe it has to do with the new firewall, but I am not an expert, so I'm just having to put 2 and 2 together here.

Thanks for your help!

Installer

It sounds to me like someone turned the php.ini setting "register_global" off. It's definitely a php, not firewall, problem, imo, if the engineer is right.

kmattera

That seemed to solve the problem. Not sure how it worked before and stopped working since the php.ini file hadn't been touched since 2003, but whatever the reason, I'll take the solution. 🙂

Thanks again!!!

justsomeone

You might want to discuss this with your customer.

Enabling register_globals is a serious security risk, the application developer needs to be aware of this change in the setting so that they can take any evasive action needed.

bradgrafelman

Right. If you don't know about the danger, you really should do a quick read on it. With it enabled, I could overwrite any variable setting by adding it to the URL, i.e. "?login=true" or something similar.

Turn register_globals Off, and use code such as this:

if(!empty($_POST['submit'])) $submit = $_POST['submit']; else $submit = '';

or, using the ternary operator in conjunction with the error surpressor:

$submit = ((@$_POST['submit']) ? $_POST['submit'] : '');

Code to fix scripts depending on register_globals has been posted numerous times all over this board in many different flavors; do a seach on 'register_globals' and see what you find.