Home > Backend Development > PHP Tutorial > PHP framework - A piece of code in PHP's CI framework is difficult to understand by myself. I hope someone can give me some advice.

PHP framework - A piece of code in PHP's CI framework is difficult to understand by myself. I hope someone can give me some advice.

WBOY
Release: 2016-08-20 09:04:09
Original
920 people have browsed it

<code>/*
 * ------------------------------------------------------
 * Security procedures
 * ------------------------------------------------------
 */

if ( ! is_php('5.4')) // 如果php版本大于等于5.4
{
    ini_set('magic_quotes_runtime', 0);

    if ((bool) ini_get('register_globals'))
    {
        $_protected = array(
            '_SERVER',
            '_GET',
            '_POST',
            '_FILES',
            '_REQUEST',
            '_SESSION',
            '_ENV',
            '_COOKIE',
            'GLOBALS',
            'HTTP_RAW_POST_DATA',
            'system_path',
            'application_folder',
            'view_folder',
            '_protected',
            '_registered'
        );

        $_registered = ini_get('variables_order');
        foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
        {
            if (strpos($_registered, $key) === FALSE)
            {
                continue;
            }

            foreach (array_keys($$superglobal) as $var)
            {
                if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
                {
                    $GLOBALS[$var] = NULL;
                }
            }
        }
    }
}</code>
Copy after login
Copy after login

I don’t quite understand what these codes are doing, and what are the benefits of doing so?
I humbly ask all the masters for advice.

Reply content:

<code>/*
 * ------------------------------------------------------
 * Security procedures
 * ------------------------------------------------------
 */

if ( ! is_php('5.4')) // 如果php版本大于等于5.4
{
    ini_set('magic_quotes_runtime', 0);

    if ((bool) ini_get('register_globals'))
    {
        $_protected = array(
            '_SERVER',
            '_GET',
            '_POST',
            '_FILES',
            '_REQUEST',
            '_SESSION',
            '_ENV',
            '_COOKIE',
            'GLOBALS',
            'HTTP_RAW_POST_DATA',
            'system_path',
            'application_folder',
            'view_folder',
            '_protected',
            '_registered'
        );

        $_registered = ini_get('variables_order');
        foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
        {
            if (strpos($_registered, $key) === FALSE)
            {
                continue;
            }

            foreach (array_keys($$superglobal) as $var)
            {
                if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
                {
                    $GLOBALS[$var] = NULL;
                }
            }
        }
    }
}</code>
Copy after login
Copy after login

I don’t quite understand what these codes are doing, and what are the benefits of doing so?
I humbly ask all the masters for advice.

If you identify the register_globals status when the PHP version is greater than 5.4, you can see that there are some keywords in the array. The following operations are for security reasons. If register_globals is turned on, it means various variables There is a risk of being injected. For example, if you usually use $_POST to get the parameters passed in the post method, if it is injected, it will become another action, so you need to protect it.

register_globals information can refer to
http://php.net/manual/zh/security.globals.php

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template