Snarky Steely Dan Day

To Gareth:

I'm trying to figure out what I'm in the mood to listen to today.

eh, screw it. I officially declare this as yet another snarky Steely Dan Day.

It's never a good sign for the rest of the world when I declare something like this.

Oh, right. Hi, everyone. Miss me yet? I decided to stick to my guns and not post for a couple of days. If any of you had actually come over to the house and seen me, I would've attributed the muscle tics, verbal glitches, and general twitchiness to Quarto.

Yeah, Quarto! You know, my favorite punching bag!

The sad thing is that it might've even been true.

Scratch that. It probably was true. Not that I don't miss posting to cat.net when I take a break—as the scratchpad of entry ideas on my desk would tend to indicate—but this has simply not been one of my better weeks for coding.

(Ye gods, is it already Thursday? Andrew and Joy are arriving on Monday? Please excuse me while I panic. Andrew, you're a wonderful friend and I've adored you just to bits since we were thirteen, but you have the tidiest house I've ever seen and…oh God, I'm just going to shut up now before I really embarrass myself.)

So—right—about that state of mind thing. If any of you are familiar with the concept of "register globals" in PHP, you may now turn off your computer and ignore the rest of this entry. (Or point and laugh.) For the rest of you mortals, "register globals" has a lot to do with my current loss of mental capacity.

The idea: in the newer versions of PHP, more machines will have "register globals" turned off. That means that variables have to be very specifically referenced. Let's just take poor $delete_site_toggle, which I'm currently dog-kicking in another window, as the example.

Mr. $delete_site_toggle only gets set when someone with site-deleting privileges (think gun-toting westerners, but with mouses and delete keys instead of guns and pointy objects) wanders into the manage-sites page and picks a site to delete. Our gunslinger is then taken to the page of configuration options about the site in question. Down at the bottom of the page there's this nice, spicy hidden $delete_site_toggle variable lying in wait.

If they get a wild hair and click the "Delete this site!" button, the form is submitted, and the page is reloaded. Whether or not Mr. $delete_site_toggle gets to go on a killing spree is determined by whether or not "register globals" is turned on.

If it's not turned on, then I can just holler $delete_site_toggle and all is well. However, even under the best of circumstances, this isn't terribly secure.

It's also the easier way, and of course, that's what I took.

The problem comes when "register globals" is turned on. If it is, I have to be all nice and formal and call Mr. $delete_site_toggle by his proper name, which is $_POST['delete_site_toggle'] (because he's being submitted via POST). Otherwise, my script is prissy and totally ignores the gunslinger's request for site slaughter.

Now imagine having to do this for many, many variables. Over 4900 lines of code. When you're really not very good at this.

…and, suddenly, the "snarky Steely Dan Day" makes complete and utter sense, doesn't it?

"Broadway duchess
Darling if you only knew
Half as much as
Everybody thinks you do"
—Steely Dan, I Got The News

Comments

Isn't insanity fun?

Quack?

Moo.

Huuuuuuuuurda-pingpingping.

Moooomph.

"look at this chain of sorrows
stretching all the way from here and now
to hell and gone" oh. wait. wrong entry. MOOOOOOOOO.

BRRRAAAAAA

bork bork bork

A hurdy-gurdy-gur...

sass!

I cant believe noone has put BAAAAAAAAAAAAAAAAAAAAAAAAAAA Sheeeeeeeeeep Rule!!!!!!!!!!!!

Take me drunk, offishur, I'm home!

"I don't suffer from insanity. I enjoy EVERY SECOND of it!"

flibbertygibbet

fleabs.

Have you considered turning globals off for your site in the .htaccess files with the following directive: php_flag register_globals off Then you can apply the following code from http://www.php.net/manual/en/security.registerglobals.php by killergod2000@gmx.net: ### register_globals = off ### +++ //HTTP_GET_VARS while (list($key, $val) = @each($HTTP_GET_VARS)) ( $GLOBALS[$key] = $val; ) //HTTP_POST_VARS while (list($key, $val) = @each($HTTP_POST_VARS)) ( $GLOBALS[$key] = $val; ) //HTTP_POST_FILES while (list($key, $val) = @each($HTTP_POST_FILES)) ( $GLOBALS[$key] = $val; ) //$HTTP_SESSION_VARS while (list($key, $val) = @each($HTTP_SESSION_VARS)) ( $GLOBALS[$key] = $val; ) ### register_globals = off ### You can then slowly alter your pages, then after you do comment out the code to copy the variables into global namespace so that you can see which ones you've forgotten. I have to do that on some old code myself. It's a pain, but it should help in the long run.

Hmmm... the .htaccess parameter didn't quite make it. It should be like so: <IfModule mod_php4.c> php_flag register_globals off </IfModule>

First thing I thought of was to write a script that would change variables for you, asking the first time it came across the variable in a page whether or not to change it to $_POST (or whatever), and then change all instances of that variable in that page. Then I thought that that would be rather fun. Then I thought that I'm losing my mind. BUT WITH PERL YOU CAN DO ANYTHING! Muahah.

Best-on-the-net website design templates are available here for immediate download. Create high-end web sites using our templates for as little as $20.

Best-on-the-net website design templates are available here for immediate download. Create high-end web sites using our templates for as little as $20.

Mmmmm, you're going to get some interesting porn spam.

You know, I really, really hate spammers. Since I know that this page gets hit pretty regularly by spambots, let me help you out a bit. david@templatemonster.com david@templatemonster.com david@templatemonster.com david@templatemonster.com david@templatemonster.com Let's all never, ever visit his website, but cheer when the spambots pick him up. Have a nice day.

Right. HAND. DLTDHYITAOTWO! :)