marcovo wrote:F-3000 wrote:
Code: Select all
$myVar = request_var('REMOTE_ADDR','');
This makes me wonder what happens if I request the page
index.php?REMOTE_ADDR=127.0.0.1
?
I think that super globals are merged last, meaning that the
$_GET['REMOTE_ADDR']
is overridden by
$_SERVER
's value.
marcovo wrote:Why are all these globals merged into 1 array anyways?
Because someone for some odd reason wanted to simplify things a littlebit too much? If there's a
$_GET['value']
and
$_POST['value']
, you're gona lose either one. Within phpBB-context, this aint gona happen (or it's going to be bug-reported pretty soon), but within CMS-context where phpBB is
include
d, it's very possible.
I personally dislike this change a lot, regardless that I understand it. Super globals themselves are not dangerous. Dangerous is, if coder does not understand that
any user input should be treated as dangerous. I, for example,
always check
any values controllable by the user before utilizing them.
Luckily this change is easily rendered harmless with a single line, without a need to disable it forum-wide. Thanks for that.
[EDIT]
As a sidenote, I'm not talking in a phpBB extension context, rather in regarding utilizing phpBB within main site. I just noticed the area where this thread resides, thus I'm somewhat out of topic, even if my problem had same source. I landed on this thread thru Google.