First some background: I'm working on a non-threads related article system that I use on my own site and am doing quite extensive extensions at the moment. It can be found on
sourceforge.
The current released version doesn't work with register globals set to off, but while making the next version I thought I'd try to make it work with that option since I'm doing a lot of changes anyway.
Now, to my question. Since the scripts work with register globals on I want to go the easy way and use a function to read the values that are used in the script. But I don't want to read all values, since it wouldn't increase security. So I wrote the following function:
code:
function getCGIVars($vars) {
$cgivars = Array();
while (list($key, $var) = each($vars)) {
$cgivars[$var] = $_GET[$var];
if ($_POST[$var]) $cgivars[$var] = $_POST[$var];
}
return $cgivars;
}
What it does is take an array with the names of all values that should be read and returns an array with those GET or POST values. If there are both GET and POST values of the same name, the value of the POST will be used. After calling this function with the wanted values, I only have to use extract() on the returned array to get those values in the script.
Can anyone think of any security issues with this function? Using it, I can decide which values to read in each script without having to add a line for each.
