A class to handle globalisation of specific variables. This class
allows us to turn off the problematical Php 'register_variables' option in php.ini which allows _anything_ to be accepted into the global scope without a by-your-leave and is therefore a security risk. With this scheme specifically named variables can be globalised and all others will be ignored. If you think of a Php page/script as a function and the globals as its parameters, you will see the light.
Use it at the top of a page as follows. We are assuming that the page needs to have vars '$mode', and '$auth_code' POSTed, and that it has a COOKIE called 'mycookie', and also uses '$HTTP_HOST' from the environment:
$glob = new globals(); $glob->register("mode,auth_code", "post"); // Only from POSTs $glob->register("mycookie", "cookie"); // Only from cookies $glob->globalise();
Or, if you prefer to do everything in one hit, this variation is also fine, although less exacting with the sources:
$glob = new globals("mode,auth_code,mycookie", "post,cookie");
NB: You can call the globalise() method as many times as you like. New vars will be added as you define them each time you call the method, and any existing ones will simply be re-globalised, with no harm done.
NOTE: For those using the Phplib framework, all of the Web Server variables like $HTTP_HOST, $PHP_SELF etc. are automatically globalised for you, as are the website cookies. To add your own GET/POST vars you should put something like this at the top of each webpage, immediately AFTER you have included your site-webpage.php or application.php:
$RESPONSE->globalise("myvar1,myvar2", "get,post");
This will make sure you have access to vars which have been POSTed or GOT via a URL.
NOTE: Variable naming can incorporate a Perl regular expression. To use this feature, you must begin the variable name with the character "^".
Eg. if you have a set of vars named as 'myvarNN' where NN is a numeric counter: $myvar1, $myvar2.. etc. then just call the variable "^myvar[0-9]+" in the list. With regular expressions that means "myvar" followed by one or more digits. To do the same thing, but allowing _any_ chars to come after the stem, call it "^myvar.*". NB: take note of the dot "." which means 'any char'; the asterisk "*" means 'any number of', so the whole thing means 'a var which begins with "myvar" followed by zero or more other characters. If you have an array type variable being posted to your page, called something like: '^myvar[0-9]+[]', this is ok. The square brackets will be escaped for you in the Perl pattern, so no worries.
One last thing: when naming your variable as a Perl regular expression don't end it with the dollar "$" end-of-line char since this is added automatically.
Located in /globals-defs.php (line 106)
Creates the object which contains the vars to globalise and the methods to globalise them. Takes optional parameters which are vars to globalise.
Globalise the variables which have already been registered. Also
accepts varnames and sources as parameters, and registers these if they are given before globalising, thus saving you having to use the register() method if you only have a simple set of vars with one source.
Globalises all variables from all possible sources. This duplicates the effect of Php register_globals = On in the Php configuration .ini file.
NB: This always operates in EGPCS order.
Register the given comma-delimited list of varnames, These are the names of global variables which can come from 'outside sources'.
Optionally specify the allowed sources for these, with the default being all the usual ones: GET, POST, or COOKIEs. NB: The ordering of these is important, and determines how vars will be overwritten if defined from multiple sources.
Documentation generated by phpDocumentor 1.3.0RC3