{"id":92,"date":"2014-01-24T15:26:54","date_gmt":"2014-01-24T14:26:54","guid":{"rendered":"http:\/\/blog.le-vert.net\/?p=92"},"modified":"2014-01-24T17:49:39","modified_gmt":"2014-01-24T16:49:39","slug":"dirty-workarounding-php-5-4-register_globals-removal","status":"publish","type":"post","link":"https:\/\/blog.le-vert.net\/?p=92","title":{"rendered":"Dirty-workarounding PHP 5.4 &#8220;register_globals&#8221; removal"},"content":{"rendered":"<p>Hello,<\/p>\n<p>It&#8217;s been a while since my last blog post. Work has been amazing and I could hardly find any spare time to write something.<\/p>\n<p>These last days, I&#8217;ve been working on upgrading my remaining Squeeze servers to Debian Wheezy&#8230; And it implies upgrading <strong>from PHP 5.3 to 5.4<\/strong>.<\/p>\n<p>Sounds pretty harmless, right? Well, look at the <a href=\"http:\/\/php.net\/manual\/en\/migration54.incompatible.php\">PHP 5.4 release notes<\/a>:<\/p>\n<ul>\n<li>The <strong>register_globals<\/strong> and register_long_arrays php.ini directives <strong>have been removed<\/strong>.<\/li>\n<li><strong>Call-time pass by reference<\/strong> has been removed.<\/li>\n<\/ul>\n<p>That shouldn&#8217;t be a big deal unless you&#8217;re running <strong>some very old code<\/strong> you are not intending to fix. And I was.<\/p>\n<p>After trying to fix the code by adding the required <strong>_POST and _GET<\/strong> everywhere, I ended up with half of the pages still not working. 
Despite fixing POST and GET, there were also variables from <strong>_SERVER and _COOKIE<\/strong> used everywhere and it&#8217;s a lot harder to spot them.<\/p>\n<p>My co-worker said: &#8220;Better rewrite everything, it would be faster&#8221; and I think he was right.<\/p>\n<p>So, I asked Google about this&#8230; And <a href=\"http:\/\/www.reddit.com\/r\/linuxadmin\/comments\/16npyi\/php_54_hasnt_register_globals_anymore_thats_my\/\">the Internet helped me<\/a>:<\/p>\n<p>Here is the trick:<\/p>\n<ol>\n<li>Create a <strong>PHP file looping over the POST, GET, SERVER and COOKIE arrays<\/strong> and defining all variables (aka register_globals)<\/li>\n<li>Use the PHP <strong>&#8220;auto_prepend_file&#8221; directive<\/strong> to include this new code in all your pages<\/li>\n<li>Do this inside the <strong>Apache virtual host config<\/strong> to avoid messing up all other sites by changing php.ini<\/li>\n<\/ol>\n<p>Create a <strong>&#8220;dirty_hack_restore_register_globals.php&#8221;<\/strong> file in your website wwwroot and fill it with the following code:<\/p>\n<pre>&lt;?php\r\n\/\/ Restore register_globals-like behavior\r\n\/\/ -_-\r\n\/\/ Later loops overwrite variables set by earlier ones, so $_GET values win\r\n\r\nforeach ($_REQUEST as $key=&gt;$val) {\r\n  ${$key}=$val;\r\n}\r\nforeach ($_SERVER as $key=&gt;$val) {\r\n  ${$key}=$val;\r\n}\r\nforeach ($_COOKIE as $key=&gt;$val) {\r\n  ${$key}=$val;\r\n}\r\nforeach ($_POST as $key=&gt;$val) {\r\n  ${$key}=$val;\r\n}\r\nforeach ($_GET as $key=&gt;$val) {\r\n  ${$key}=$val;\r\n}\r\n?&gt;<\/pre>\n<p>Edit your <strong>Apache<\/strong> configuration file to add a <strong>php_value directive<\/strong> for your wwwroot.<\/p>\n<pre>&lt;Directory \/var\/www\/mysite&gt;\r\n  Options FollowSymlinks\r\n  AllowOverride None\r\n  Order allow,deny\r\n  Allow from all\r\n\r\n  # PHP 5.4 fucked this :\/\r\n  #php_admin_value register_globals 1\r\n  # Let's hack a different way\r\n  # Restore this old behavior using a small snippet looping\r\n  # over PHP built-in vars (like _POST) to declare variables\r\n  
php_value auto_prepend_file \/var\/www\/mysite\/dirty_hack_restore_register_globals.php\r\n\r\n  # Call-time pass-by-reference has been removed\r\n  # Display inside HTML for easier spotting\r\n  php_admin_value display_errors 1\r\n&lt;\/Directory&gt;<\/pre>\n<p>I also added <strong>&#8220;display_errors&#8221;<\/strong> because I had some functions called using references (triggers a\u00a0PHP Fatal error now).<\/p>\n<p>It&#8217;s easier to display them inside the generated HTML page and users will be able to report them.<\/p>\n<p>Running the command below inside your wwwroot should help you to find <strong>all pass-by-reference issues<\/strong>:<\/p>\n<pre>find . -name '*.php' -exec grep -H '&amp;\\$' {} \\;<\/pre>\n<p>Be careful to remove the &#8220;&#038;&#8221; only from <strong>function calls, not function definitions! <\/strong><\/p>\n<p>Keeping <strong>&#8220;display_errors&#8221;<\/strong> enabled can help spot <strong>other issues not covered<\/strong> by this article.<\/p>\n<p>&nbsp;<\/p>\n<p>Hope that helps! See you soon.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, It&#8217;s been a while since my last blog post. Work has been amazing and I could hardly find any spare time to write something. 
These last days, I&#8217;ve been working on upgrading my remaining Squeeze servers to Debian Wheezy&#8230; And &hellip; <a href=\"https:\/\/blog.le-vert.net\/?p=92\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/92"}],"collection":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92"}],"version-history":[{"count":21,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/92\/revisions"}],"predecessor-version":[{"id":115,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/92\/revisions\/115"}],"wp:attachment":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}