vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Globalize(array); (https://vborg.vbsupport.ru/showthread.php?t=82201)

Cloudrunner 05-29-2005 11:22 AM
Globalize(array);
 
Okay folks, I've been looking through the online documentations for VB3 and what not now that I have my life back and I have come to realize that I don't know how that function works....

I understand it's used to clean out any magic-quotes that are in the $_GET, $_POST, or $_REQUEST globals, but say I've a large array of $keys => $values, do I HAVE to put each individual $key in the globalize() function, or can I just use a foreach ($_POST AS $key => $value) loop and have it globalize the entire contents in one shot? (We're talking about a 50+ $key => $value array).

Marco van Herwaarden 05-29-2005 11:45 AM
Globalize CAN sanitize some values, but the main purpose is to make $_POST etc. vars available as normal variables.

You can not do any sanitisation on an array. You will have to treat each value as untrusted when processing.

Cloudrunner 05-29-2005 11:51 AM
Quote:
Originally Posted by MarcoH64
Globalize CAN sanitize some values, but the main purpose is to make $_POST etc. vars available as normal variables.

You can not do any sanitisation on an array. You will have to treat each value as untrusted when processing.
So I'm basically stuck adding 50+ lines to the globalize array then?
PHP Code:
globalize($_POST, array(
    'userid' => INT,
    'username' => STR_NOHTML,
    'etc' => STR,
    'etc' => STR
)); 
That's gonna be a HUGE amount of lines for what I'm trying to do, and I'm not really comfortable having that much space taken up if I don't need to.

Is it absolutely required on a page, or does the define('NO_REGISTER_GLOBALS', 1); cover me on this?

Marco van Herwaarden 05-29-2005 12:11 PM
No, you just globalize the array, then you make sure that you protect your sql-statements against injections when one of the array elements is used.

Cloudrunner 05-29-2005 12:18 PM
Quote:
Originally Posted by MarcoH64
No, you just globalize the array, then you make sure that you protect your sql-statements against injections when one of the array elements is used.
[high] * Cloudrunner head starts to hurt...
[/high]

got the globalize, that's cool, but You've confused me with the injections. How does one protect from injections? Sorry to sound newbish, but the sql-injection protection thing is new to me....

are you talking about having a different site, page whatever throw the variables into the script so that the SQL uses those variables instead of the ones it's truly looking for?

Marco van Herwaarden 05-29-2005 12:38 PM
You should protect all external variables used in sql-statements (and some other places) against possible injection of mallicious code. You can do this by forcing numbers to integer (ie. intval($mynumber)) or addslashes (ie. addslashes($myalphabetic)).

Cloudrunner 05-29-2005 12:48 PM
Quote:
Originally Posted by MarcoH64
You should protect all external variables used in sql-statements (and some other places) against possible injection of mallicious code. You can do this by forcing numbers to integer (ie. intval($mynumber)) or addslashes (ie. addslashes($myalphabetic)).
ah, okay, I do that already!

Thank you for the help!!!


All times are GMT. The time now is 10:27 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01393 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete