Removed register_globals

INSTALL

@@ -716,14 +716,6 @@ CGI environment and recommended modifications in php.ini
      the web server not from the administration server. Use the command
      line as root user and start it manually - you will see there are no
      CGI-like environment variables.
-
-   Simply change your scripts to get CGI variables in the correct way for
-   PHP 4.x by using the superglobal $_SERVER. If you have older scripts
-   which use $HTTP_HOST, etc., you should turn on register_globals in
-   php.ini and change the variable order too (important: remove "E" from
-   it, because you do not need the environment here):
-variables_order = "GPCS"
-register_globals = On
      __________________________________________________________________
 
 Special use for error pages or self-made directory listings (PHP >= 4.3.3)
@@ -1532,7 +1524,7 @@ The configuration file
 ; Boolean values can be set to either:
 ;    true, on, yes
 ; or false, off, no, none
-register_globals = off
+html_errors = off
 track_errors = yes
 
 ; you can enclose strings in double-quotes

NEWS

@@ -12,6 +12,7 @@
   time are allocated in a single copy and never changed. (Dmitry)
 - Added an optimization which saves memory and emalloc/efree calls for empty
   HashTables (Stas, Dmitry)
+
 - Added Tokyo Cabinet abstract DB support to ext/dba. (Michael Maclean)
 - Added Jenkins's one-at-a-time hash support to ext/hash. (Martin Jansen)
 - Added FNV-1 hash support to ext/hash. (Michael Maclean)
@@ -30,6 +31,7 @@
 
 - Removed legacy features: (Kalle)
   . define_syslog_variables ini option and its associated function.
+  . register_globals.
   . register_long_arrays ini option.
   . y2k_compliance ini option.
 

README.input_filter

@@ -19,9 +19,7 @@ A simple implementation might look like the following.  This stores the
 original raw user data and adds a my_get_raw() function while the normal
 $_POST, $_GET and $_COOKIE arrays are only populated with stripped
 data.  In this simple example all I am doing is calling strip_tags() on
-the data.  If register_globals is turned on, the default globals that
-are created will be stripped ($foo) while a $RAW_foo is created with the
-original user input.
+the data.
 
 ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
         zval *post_array;
@@ -155,8 +153,6 @@ PHP_FUNCTION(my_get_raw)
     int var_len;
     zval **tmp;
     zval *array_ptr = NULL;
-    HashTable *hash_ptr;
-    char *raw_var;
 
     if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
         return;
@@ -174,23 +170,15 @@ PHP_FUNCTION(my_get_raw)
             break;
     }
 
-    if(!array_ptr) RETURN_FALSE;
-
-    /*
-     * I'm changing the variable name here because when running with register_globals on,
-     * the variable will end up in the global symbol table
-     */
-    raw_var = emalloc(var_len+5);  /* RAW_ and a \0 */
-    strcpy(raw_var, "RAW_");
-    strlcat(raw_var,var,var_len+5);
-    hash_ptr = HASH_OF(array_ptr);
+    if(!array_ptr) {
+        RETURN_FALSE;
+    }
 
-    if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) {
+    if(zend_hash_find(HASH_OF(array_ptr), var, var_len+5, (void **)&tmp) == SUCCESS) {
         *return_value = **tmp;
         zval_copy_ctor(return_value);
     } else {
         RETVAL_FALSE;
     }
-    efree(raw_var);
 }
 

Zend/tests/unset_cv06.phpt

@@ -3,27 +3,20 @@ unset() CV 6 (indirect unset() of global variable in session_unset())
 --SKIPIF--
 <?php include(dirname(__FILE__).'/../../ext/session/tests/skipif.inc'); ?>
 --INI--
-register_globals=1
 session.auto_start=0
 session.save_handler=files
 --FILE--
 <?php
-$x = "1\n";
 session_start();
-echo $x;
-session_register('x');
-$_SESSION['x'] = "2\n";
-echo $x;
+$_SESSION['x'] = "1\n";
+echo $_SESSION['x'];
+
 session_unset();
-echo $x;
+echo $_SESSION['x'];
 echo "ok\n";
 ?>
 --EXPECTF--
-Warning: Directive 'register_globals' is deprecated in PHP %d.%d and greater in Unknown on line 0
 1
 
-Deprecated: Function session_register() is deprecated in %s on line %d
-2
-
-Notice: Undefined variable: x in %sunset_cv06.php on line %d
+Notice: Undefined index: x in %sunset_cv06.php on line %d
 ok

ext/filter/filter.c

@@ -450,8 +450,6 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int
 		orig_var = estrdup(var);
 
 		/* Store the RAW variable internally */
-		/* FIXME: Should not use php_register_variable_ex as that also registers
-		 * globals when register_globals is turned on */
 		Z_STRLEN(raw_var) = val_len;
 		Z_STRVAL(raw_var) = estrndup(*val, val_len);
 		Z_TYPE(raw_var) = IS_STRING;
@@ -461,8 +459,6 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int
 
 	if (val_len) {
 		/* Register mangled variable */
-		/* FIXME: Should not use php_register_variable_ex as that also registers
-		 * globals when register_globals is turned on */
 		Z_STRLEN(new_var) = val_len;
 		Z_TYPE(new_var) = IS_STRING;
 
@@ -537,7 +533,6 @@ static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
 
 {
 	zval *array_ptr = NULL;
-	zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals));
 
 	switch (arg) {
 		case PARSE_GET:
@@ -550,13 +545,13 @@ static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
 			array_ptr = IF_G(cookie_array);
 			break;
 		case PARSE_SERVER:
-			if (jit_initialization) {
+			if (PG(auto_globals_jit)) {
 				zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
 			}
 			array_ptr = IF_G(server_array);
 			break;
 		case PARSE_ENV:
-			if (jit_initialization) {
+			if (PG(auto_globals_jit)) {
 				zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
 			}
 			array_ptr = IF_G(env_array);

ext/mbstring/mb_gpc.c

@@ -151,7 +151,6 @@ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
 
 	info.data_type              = arg;
 	info.separator              = separator; 
-	info.force_register_globals = 0;
 	info.report_errors          = 0;
 	info.to_encoding            = MBSTRG(internal_encoding);
 	info.to_language            = MBSTRG(language);
@@ -210,13 +209,6 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
 	mbfl_string_init_set(&resvar, info->to_language, info->to_encoding);
 	mbfl_string_init_set(&resval, info->to_language, info->to_encoding);
 
-	/* register_globals stuff
-	 * XXX: this feature is going to be deprecated? */
-
-	if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
-		zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
-	}
-
 	if (!res || *res == '\0') {
 		goto out;
 	}
@@ -346,11 +338,6 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
 	}
 
 out:
-	/* register_global stuff */
-	if (info->force_register_globals && !prev_rg_state) {
-		zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
-	}
-
 	if (convd != NULL) {
 		MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
 		mbfl_buffer_converter_delete(convd);
@@ -376,7 +363,6 @@ SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
 
 	info.data_type              = PARSE_POST;
 	info.separator              = "&";
-	info.force_register_globals = 0;
 	info.report_errors          = 0;
 	info.to_encoding            = MBSTRG(internal_encoding);
 	info.to_language            = MBSTRG(language);

ext/mbstring/mb_gpc.h

@@ -32,7 +32,6 @@
 typedef struct _php_mb_encoding_handler_info_t {
 	int data_type;
 	const char *separator;
-	unsigned int force_register_globals: 1;
 	unsigned int report_errors: 1;
 	enum mbfl_no_language to_language;
 	enum mbfl_no_encoding to_encoding;

ext/mbstring/mbstring.c

@@ -1896,7 +1896,6 @@ PHP_FUNCTION(mb_parse_str)
 
 	info.data_type              = PARSE_STRING;
 	info.separator              = PG(arg_separator).input; 
-	info.force_register_globals = (track_vars_array == NULL);
 	info.report_errors          = 1;
 	info.to_encoding            = MBSTRG(current_internal_encoding);
 	info.to_language            = MBSTRG(language);

ext/mbstring/tests/mb_parse_str.phpt

@@ -4,7 +4,6 @@ mb_parse_str()
 <?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
 --INI--
 arg_separator.input=&
-register_globals=0
 --FILE--
 <?php
 $queries = array(

ext/mbstring/tests/mb_parse_str02.phpt

@@ -4,7 +4,6 @@ mb_parse_str() test 2
 <?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
 --INI--
 arg_separator.input=&#
-register_globals=0
 --FILE--
 <?php
 $queries = array(

ext/session/session.c

@@ -131,76 +131,18 @@ PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) /* {{{ */
 		return;
 	}
 
-	/* Set up a proper reference between $_SESSION["x"] and $x. */
+	if (sym_track == NULL) {
+		zval *empty_var;
 
-	if (PG(register_globals)) {
-		zval **sym_global = NULL;
-
-		if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
-			if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
-				return;
-			}
-		}
-
-		if (sym_global == NULL && sym_track == NULL) {
-			zval *empty_var;
-
-			ALLOC_INIT_ZVAL(empty_var); /* this sets refcount to 1 */
-			Z_SET_REFCOUNT_P(empty_var, 0); /* our module does not maintain a ref */
-			/* The next call will increase refcount by NR_OF_SYM_TABLES==2 */
-			zend_set_hash_symbol(empty_var, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
-		} else if (sym_global == NULL) {
-			SEPARATE_ZVAL_IF_NOT_REF(sym_track);
-			zend_set_hash_symbol(*sym_track, name, namelen, 1, 1, &EG(symbol_table));
-		} else if (sym_track == NULL) {
-			SEPARATE_ZVAL_IF_NOT_REF(sym_global);
-			zend_set_hash_symbol(*sym_global, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
-		}
-	} else {
-		if (sym_track == NULL) {
-			zval *empty_var;
-
-			ALLOC_INIT_ZVAL(empty_var);
-			ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
-		}
+		ALLOC_INIT_ZVAL(empty_var);
+		ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
 	}
 }
 /* }}} */
 
 PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) /* {{{ */
 {
-	if (PG(register_globals)) {
-		zval **old_symbol;
-		if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
-			if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
-				return;
-			}
-
-			/* A global symbol with the same name exists already. That
-			 * symbol might have been created by other means (e.g. $_GET).
-			 *
-			 * hash_update in zend_set_hash_symbol is not good, because
-			 * it will leave referenced variables (such as local instances
-			 * of a global variable) dangling.
-			 *
-			 * BTW: if you use register_globals references between
-			 * session-vars won't work because of this very reason! */
-
-			REPLACE_ZVAL_VALUE(old_symbol,state_val,1);
-
-			/* The following line will update the reference table used for
-			 * unserialization.  It is optional, because some storage
-			 * formats may not be able to represent references. */
-
-			if (var_hash) {
-				PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
-			}
-
-			zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
-		} else {
-			zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
-		}
-	} else IF_SESSION_VARS() {
+	IF_SESSION_VARS() {
 		zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars)));
 	}
 }
@@ -212,20 +154,6 @@ PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSR
 
 	IF_SESSION_VARS() {
 		ret = zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, (void **) state_var);
-
-		/* If register_globals is enabled, and
-		 * if there is an entry for the slot in $_SESSION, and
-		 * if that entry is still set to NULL, and
-		 * if the global var exists, then
-		 * we prefer the same key in the global sym table. */
-
-		if (PG(register_globals) && ret == SUCCESS && Z_TYPE_PP(*state_var) == IS_NULL) {
-			zval **tmp;
-
-			if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
-				*state_var = tmp;
-			}
-		}
 	}
 	return ret;
 }
@@ -546,7 +474,7 @@ static void php_session_save_current_state(TSRMLS_D) /* {{{ */
 	int ret = FAILURE;
 
 	IF_SESSION_VARS() {
-		if (PS(bug_compat) && !PG(register_globals)) {
+		if (PS(bug_compat)) {
 			HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
 			HashPosition pos;
 			zval **val;
@@ -564,7 +492,7 @@ static void php_session_save_current_state(TSRMLS_D) /* {{{ */
 			}
 
 			if (do_warn && PS(bug_compat_warn)) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
 			}
 		}
 
@@ -1895,20 +1823,6 @@ static PHP_FUNCTION(session_unset)
 		SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
 		ht = Z_ARRVAL_P(PS(http_session_vars));
 
-		if (PG(register_globals)) {
-			uint str_len;
-			char *str;
-			ulong num_key;
-			HashPosition pos;
-
-			zend_hash_internal_pointer_reset_ex(ht, &pos);
-
-			while (zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING) {
-				zend_delete_global_variable(str, str_len - 1 TSRMLS_CC);
-				zend_hash_move_forward_ex(ht, &pos);
-			}
-		}
-
 		/* Clean $_SESSION. */
 		zend_hash_clean(ht);
 	}