unsetting registered globals

sneakyimp

i have a file i include in every page on my site. i'm putting this code in to reverse any registered globals:

if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') {
  // NOTE:  I don't include $_SESSION here because it gets set in the session.php include file
  $superglobal_merge = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
  // we don't want to unset the array we're looping through
  unset($superglobal_merge['superglobal_merge']);
  foreach($superglobal_merge as $key=>$value) {
    unset($$key);
  }
}

Is this overkill? paranoid? inefficient? insecure?

smart? stupid?

devinemke

i would think that this would use less memory as it does not have to merge all of the superglobals into one big array:

$superglobals = array('_GET', '_POST', '_COOKIE', '_SERVER', '_ENV', '_FILES');
foreach ($superglobals as $value)
{
	foreach ($$value as $subkey => $subvalue)
	{
		if (isset($$subkey)) {unset($$subkey);}
	}
}

sneakyimp

nice!

NogDog

You could just put a .htaccess file in your document root directory includng the following line:

php_value register_globals 0