On Wed, 2008-10-22 at 11:16 -0700, Jim Lucas wrote: > Dee Ayy wrote: > > Is there a tool that can analyze PHP source code and detect if the > > code is relying on register_globals still being on? Perhaps detecting > > if a variable has not been initialized within the code? > > > > These are my specific needs, but I'm also interested in general SCA > > tools and features. > > > > Sure, turn on error_reporting(E_ALL); > and let the errors flow > > I would do this in a .htaccess file > > php_value error_reporting E_ALL > php_flag display_errors On > > You should now see all the errors being displayed to the screen. If this is > less then ideal, you could leave off the display_errors part and check your > php log file instead. > > Some people will probably suggest using something like xdebug I personally > have never used a debugging tool, except for the version that Robert talks > about. Works great and never has to be reconfigured or setup more then once... :) > > -- > Jim Lucas > > "Some men are born to greatness, some achieve greatness, > and some have greatness thrust upon them." > > Twelfth Night, Act II, Scene V > by William Shakespeare > > I've heard that PHPDebug isn't that bad these days now as well, but I've never used it before. Also, if possible, you could try to compile the PHP code (again, not sure how you do this, but I've heard it's possible, to get the OP codes) and see what happens. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
