Dirty-workarounding PHP 5.4 “register_globals” removal


It’s been a while since my last blog post. Work has been amazing and I could hardly find some spare time writing something.

This last days, I’ve been working on upgrading my remaining Squeeze servers to Debian Wheezy… And it implies upgrading from PHP 5.3 to 5.4.

Sounds pretty harmless, right ? Well, look at PHP 5.4 release notes:

  • The register_globals and register_long_arrays php.ini directives have been removed.
  • Call-time pass by reference has been removed.

That shouldn’t be a big deal unless you’re running some very old code you are not intending to fix. And I did.

After trying to fix the code by adding the required _POST and _GET everywhere, I ended up with half pages still not working. Despites fixing post and get, there were also variables from _SERVER and _COOKIE used everywhere and it’s a lot harder to spot them.

My co-worker said: “Better rewrite everything, it would be faster” and I think he was right.

So, I asked Google about this… And Internet helped me:

Here is the trick:

  1. Create a PHP file looping against POST, GET, SERVER and COOKIE arrays and defining all variables (aka register_globals)
  2. Use PHP “auto_prepend_file” directive to include this new code in all your pages
  3. Do this inside the Apache virtual host config to avoid messing up all other sites by changing php.ini

Create a “dirty_hack_restore_register_globals.php” file in your website wwwroot and fill it with the following code:

Edit your Apache configuration file to add a php_value directive for your wwwroot.

I also added “display_errors” because I had some functions called using references (triggers a PHP Fatal error now).

It’s easier to display them inside the generated HTLM page and users will be able to report them.

Running the command below inside your wwwroot should help you to find all pass-by-references issues:

Beware to only remove the “&” from function call, not function definition!

Keeping “display_errors” enabled can help spotting other issues not covered by this article.


Hope that could help ! See you soon.