Nick Zukin wrote:
...
> line 79, if ($forum_admin == 1) {
> line 486, $uname = $cookie[1];
> line 216, $pwd = "$user[2]";
>
> Line 79 is not part of a function or class. It is the first reference to
> $forum_admin in the script. The other two are within functions and the
> first call within those functions. What's being assigned to both of them
> are either in the function call itself or globals.
>
> I do have globals turned on.
you mean register_globals? Turn it off unless this breaks things in a
major way... even then you should consider recoding if that's feasible.
>
> Should I worry about any of this? The pages seem to be working fine? Is
> this going to slow things down? Should I just turn off the logging of such
> errors, if I can?
uninitialized variables + register_globals is usually a bad
combination... especially when we're talking about a varaible like
$forum_admin.
http://XXXX.com/forums/post.php?forum_admin=1&user=whoever
In a simple case the above can happen and someone gains admin rights...
in worse cases you end up with SQL code dropping databases...
>
> Thanks for any help. My log files are in the gigabytes with 90% of that
> over the last month.
ignoring the E_NOTICE errors is a good idea on a production site anyway.
That being said... I would try to fix the code so that the notice
doesn't get produced in the first place.
--
Teach a man to fish...
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
Attachment:
signature.asc
Description: OpenPGP digital signature
