Is there a program for finding uses of register_globals?

Fri, May 15, 2009 01:38 PM
register_globals is going way in PHP6.  That is fine with me.  Super globals are cool and I have taken to using filter_input_array these days anyhow.  However, our code base is now 10+ years old at dealnews.  Most of the forward facing code was completely rewritten in the last couple of years due to architecture changes.  Many new projects had register_globals turned off via php_admin_flag in Apache.  So, that area is not that big of a problem.  However, our internal admin areas have not all be rewritten because, well frankly, they still work.  Yeah, stuff written for PHP4 in 2000 is still working.  KISS helps a lot with that.  But, this code, somewhere in there, may still be relying on register_globals.  Now, we could go line by line and try and fix it.  But, it seems like a program could be written to do this job.  I mean, I use jEdit and it can highlight unset vars using the PHPParserPlugin just fine.  I bet Zend IDE can do the same.  Has anyone written such a tool for the command line?  There will be false positives I know.  Things like passing a variable by reference to a function would look like a use before set.  But, I can deal with those if I don't have to go line by line through tons of old code.  What would the rules look like for such an animal?  This would be a great project to get off the ground before PHP6 hits.  Ideally you could provide a list of variables for it to ignore.  We have some globals we set up in prepends and includes.