bradymiller wrote on Sunday, December 04, 2011:
Hi,
Committed this to sourceforge along with a minor mod in a commit following it (moving away from using the register globals work around via the new security model).
Agree lots more work to do (although, I suspect it’s much less than we think) and updated this wiki page with progress on this project:
http://open-emr.org/wiki/index.php/Diagnostic_Codes_Development#Common_Issues
-brady
yehster wrote on Sunday, December 04, 2011:
Brady,
>>Committed this to sourceforge along with a minor mod in a commit following it (moving away from using the register globals work around via the new security model).
Can you explain this to me, or point to a web page with more detail? I think my code is semantically the same. It doesn’t actually use register globals. $code_types is defined as a global variable in custom/code_types.inc.php register_globals doesn’t need to be on for my syntax to be work…
http://php.net/manual/en/security.globals.php
I tested in php >5.3 and didn’t get a deprecated function warning.
I think the difference between your code and mine is purely syntactic, and the semantics are identical.
I’m just using the superglobals syntax
http://php.net/manual/en/language.variables.scope.php
A second way to access variables from the global scope is to use the special PHP-defined $GLOBALS array. The previous example can be rewritten as: …
http://www.php.net/manual/en/language.variables.superglobals.php
If I’m missing something, let me know.
Thanks,
-Kevin
bradymiller wrote on Sunday, December 04, 2011:
Hi Kevin,
Sorry for that; just had a total brain lapse. For some reason was thinking it would break if made fake_register_globals glag false, which will do in future to all scripts:
http://open-emr.org/wiki/index.php/Codebase_Security#Plan
But, you are correct, this has nothing to do with your original code, and was a mistake on my part. I also didn’t realize that $code_types was implicitly stored in GLOBALS like that.
-brady
yehster wrote on Sunday, December 04, 2011:
Brady,
Thanks for being vigilant. I learned something from the discussion. I didn’t know about fake_register_globals and now I do. I think perhaps I will force it “off” on all pages on my test system and see if that lets me identify any more scripts that need to be fixed.
-Kevin