I currently maintain about 100 sites that use PHP. Many of them were programmed pre 4.2, and are not compatible with the register_globals=off setting. Since we use virtual hosts in apache I have been able to modify that one ini setting for the sites that need it, but now my job is to modify all of these scripts to be compatible with the register_globals=off setting so they will be more secured. I'm wondering if anyone out there has written a script that can look at the PHP scripts and see if they are compatible or not. I'm sure this would be no easy task, but it would be most useful at the same time. I've done a find for all of the PHP scripts on our server and am confronted with over 8,000 scripts that need to be looked at, and that's just files with the .php extension.... we've got plenty of .inc's and other various extensions (including a few sites that parse .html as PHP) that would need to be checked as well.
Anybody got any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php