Illegal use of $_SERVER.

[boardman]

Hi all,

I'm in the process of upgrading from phpBB 3.0 to phpBB 3.1, and I am afraid I am having an issue with request_var().

One of my pages is semi-external, it is making use of the phpBB database by calling common.php in the beginning. I changed all instances of $_POST and $_SERVER in that script to use request_var() instead, but while it seems to work for the post variables, request_var('REMOTE_ADDR','') specifically remains empty.

I am recycling this old thread because it appears that the folks in here were able to retrieve REMOTE_ADDR just fine. Specifically I am hoping for pointers why I can get the post variables but not that one server variable. My only guess is that the server variables are added in a different step than the post variables, and that it may not be covered by calling common.php.

[AmigoJack]

My point would be to (re)read Marc's post to understand to not omit additional parameters to the function.

[boardman]

Sorry, I should have mentioned. I tried this:

request_var('REMOTE_ADDR', '', false, false, \phpbb\request\request_interface::SERVER)

But with the same results (gets me an empty string).

[kasimi]

Can't you use $request->server('REMOTE_ADDR', ''); after including common.php?

[boardman]

Can't you use $request->server('REMOTE_ADDR', ''); after including common.php?

Yay, that works - thanks so much!

Why this and not request_var()?

(EDIT: And your avatar keeps making me giggle. )

[RMcGirr83]

request_var does not have those available and is from phpBB 3.0.x days. 3.1.x introduced the new $request->variable/server/etc.

[kasimi]

It seems request_var() ends up using \phpbb\request\request_interface::REQUEST even when passing \phpbb\request\request_interface::SERVER to it.

As Rich stated, $request is the way to do it in 3.1.x, request_var() is deprecated.

[boardman]

Hm, I do have one more question. Before upgrading, I used:

$_REQUEST['variable']="value";

That way, "value" would also be available in included files. But this isn't working anymore ("Illegal use of $_REQUEST. You must use the request class or request_var()"). What do I use now?

[rxu]

What do I use now?

Code: Select all

$variable = $request->variable('variable', 'some_default_value');

EDIT: Or do you mean assigning the value to the global array node?

[boardman]

EDIT: Or do you mean assigning the value to the global array node?

Yes, that one.

[kasimi]

$_REQUEST['variable']="value";

$request->overwrite("variable", "value", \phpbb\request\request_interface::REQUEST);

[boardman]

Fantastic - thanks a ton.

[alexander7566]

Is there an option to turn this check off? I have a website with tons of pages that integrates with PhpBB a little. I use my own checks for those variables and not about to convert them all. There has to be a way to turn that feature off..

[marcovo]

If you find turning it off is not possible, you might also consider copying $_SERVER into another array ($__SERVER or sth like that) before phpBB does any magic with it. Then just replace $_SERVER by $__SERVER in all your files and you're good to go. Anyways, that's how I've solved it .

Do note that this is probably not possible through any event; you'll have to modify core files for this I guess.. but if you know what you're doing that'll be fine.

[alexander7566]

No still not an option.. However, I figured it out. Modified /forums/config/parameters.yml. Set core.disable_super_globals to false and delete the cache. This resolved my issue right away!