Is there a program for finding uses of register_globals?
Fri, May 15, 2009 01:38 PM
register_globals is going away in PHP6. That is fine with me. Super globals are cool and I have taken to using filter_input_array these days anyhow. However, our code base is now 10+ years old at dealnews. Most of the forward facing code was completely rewritten in the last couple of years due to architecture changes. Many new projects had register_globals turned off via php_admin_flag in Apache. So, that area is not that big of a problem.

However, our internal admin areas have not all been rewritten because, well, frankly, they still work. Yeah, stuff written for PHP4 in 2000 is still working. KISS helps a lot with that. But, this code, somewhere in there, may still be relying on register_globals. Now, we could go line by line and try and fix it. But, it seems like a program could be written to do this job. I mean, I use jEdit and it can highlight unset vars using the PHPParserPlugin just fine. I bet Zend IDE can do the same.

Has anyone written such a tool for the command line? There will be false positives, I know. Things like passing a variable by reference to a function would look like a use before set. But, I can deal with those if I don't have to go line by line through tons of old code. What would the rules look like for such an animal? This would be a great project to get off the ground before PHP6 hits. Ideally you could provide a list of variables for it to ignore. We have some globals we set up in prepends and includes.
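One possible starting point for the rules asked about above, as an added example that is not from the original post: a command-line PHP scanner built on token_get_all() that reports variables read before any plain assignment in their scope and takes an ignore list for globals set in prepends. The function name find_unset_uses, the sample script and the ignored $db_link are constructed for illustration.

```php
<?php
// Added example, not code from the post. Reports variables read before any plain
// assignment in their scope. By-reference arguments and extract() give false positives.
function find_unset_uses(string $source, array $ignore = []): array
{
    $known = array_merge($ignore, ['$this', '$GLOBALS', '$_GET', '$_POST', '$_COOKIE',
        '$_REQUEST', '$_SERVER', '$_SESSION', '$_FILES', '$_ENV', '$argv', '$argc']);
    // Drop whitespace and comments so "previous" and "next" token are meaningful.
    $tokens = array_values(array_filter(token_get_all($source), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $scopes = [[]]; // stack of assigned-variable sets; index 0 is file scope
    $popAt = [];    // brace depth at which each open function body ends
    $depth = 0;
    $mode = '';     // 'fn' header, 'global' statement, or 'decl' (static/as/catch/list)
    $found = [];
    foreach ($tokens as $i => $t) {
        $id = is_array($t) ? $t[0] : $t;
        $prevId = $tokens[$i - 1][0] ?? null; // token id, or the character itself
        $next = $tokens[$i + 1] ?? null;
        if ($id === T_FUNCTION) { $scopes[] = []; $mode = 'fn'; }
        elseif ($id === T_GLOBAL) { $mode = 'global'; }
        elseif (in_array($id, [T_AS, T_CATCH, T_LIST], true)
            || ($id === T_STATIC && is_array($next) && $next[0] === T_VARIABLE)) { $mode = 'decl'; }
        elseif ($id === ';' && $mode === 'fn') { array_pop($scopes); $mode = ''; } // no body
        elseif (($id === ';' || $id === ')') && $mode !== 'fn') { $mode = ''; }
        elseif (in_array($id, ['{', T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES], true)) {
            if ($mode === 'fn') { $popAt[] = $depth; $mode = ''; }
            $depth++;
        } elseif ($id === '}' && --$depth === end($popAt)) { array_pop($popAt); array_pop($scopes); }
        // Skip non-variables, ignored names, static properties and property declarations.
        if ($id !== T_VARIABLE || in_array($t[1], $known, true)
            || in_array($prevId, [T_DOUBLE_COLON, T_VAR, T_PUBLIC, T_PROTECTED, T_PRIVATE], true)) continue;
        $top = count($scopes) - 1;
        // Only "$x =" counts as a set; "$x .=" and "$x[] =" still read the old value.
        // A "global $x" import is trusted only if $x was assigned at file scope.
        $set = $mode === 'global' ? isset($scopes[0][$t[1]])
            : ($mode !== '' || $next === '=' || isset($scopes[$top][$t[1]]));
        if (!$set) $found[] = ['line' => $t[2], 'var' => $t[1]];
        $scopes[$top][$t[1]] = true; // report each variable once per scope
    }
    return $found;
}
// Constructed sample in the style of an old admin script.
$sample = <<<'CODE'
<?php
if ($action == "delete") { $where .= " AND id = " . $id; }
$title = "Admin";
echo $title, $db_link;
function row($r) { global $title, $cfg; foreach ($r as $k => $v) { echo $k, $v, $tmp; } }
CODE;
foreach (find_unset_uses($sample, ['$db_link']) as $f) echo "line {$f['line']}: {$f['var']}\n";
```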