<code>/* * ------------------------------------------------------ * Security procedures * ------------------------------------------------------ */ if ( ! is_php('5.4')) // 如果php版本大于等于5.4 { ini_set('magic_quotes_runtime', 0); if ((bool) ini_get('register_globals')) { $_protected = array( '_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', '_COOKIE', 'GLOBALS', 'HTTP_RAW_POST_DATA', 'system_path', 'application_folder', 'view_folder', '_protected', '_registered' ); $_registered = ini_get('variables_order'); foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal) { if (strpos($_registered, $key) === FALSE) { continue; } foreach (array_keys($$superglobal) as $var) { if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE)) { $GLOBALS[$var] = NULL; } } } } }</code>
I don’t quite understand what these codes are doing, and what are the benefits of doing so?
I humbly ask all the masters for advice.
<code>/* * ------------------------------------------------------ * Security procedures * ------------------------------------------------------ */ if ( ! is_php('5.4')) // 如果php版本大于等于5.4 { ini_set('magic_quotes_runtime', 0); if ((bool) ini_get('register_globals')) { $_protected = array( '_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', '_COOKIE', 'GLOBALS', 'HTTP_RAW_POST_DATA', 'system_path', 'application_folder', 'view_folder', '_protected', '_registered' ); $_registered = ini_get('variables_order'); foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal) { if (strpos($_registered, $key) === FALSE) { continue; } foreach (array_keys($$superglobal) as $var) { if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE)) { $GLOBALS[$var] = NULL; } } } } }</code>
I don’t quite understand what these codes are doing, and what are the benefits of doing so?
I humbly ask all the masters for advice.
If you identify the register_globals status when the PHP version is greater than 5.4, you can see that there are some keywords in the array. The following operations are for security reasons. If register_globals is turned on, it means various variables There is a risk of being injected. For example, if you usually use $_POST to get the parameters passed in the post method, if it is injected, it will become another action, so you need to protect it.
register_globals information can refer to
http://php.net/manual/zh/security.globals.php