{"id":45,"date":"2019-05-21T00:46:00","date_gmt":"2019-07-21T00:46:00","guid":{"rendered":"http:\/\/pro369.com\/sale\/?p=45"},"modified":"2019-05-21T00:46:00","modified_gmt":"2019-07-21T00:46:00","slug":"%e8%a7%a3%e9%96%8b%ef%bc%9aregister-globals%e6%87%89%e8%a9%b2%e6%98%af%ef%bc%9aon%e6%88%96%e6%98%afoff%e7%9a%84%e7%96%91%e6%83%91","status":"publish","type":"post","link":"https:\/\/por.tw\/sale\/%e8%a7%a3%e9%96%8b%ef%bc%9aregister-globals%e6%87%89%e8%a9%b2%e6%98%af%ef%bc%9aon%e6%88%96%e6%98%afoff%e7%9a%84%e7%96%91%e6%83%91\/","title":{"rendered":"\u89e3\u958b\uff1aregister_globals\u61c9\u8a72\u662f\uff1aON\u6216\u662fOFF\u7684\u7591\u60d1"},"content":{"rendered":"

\u89e3\u958b\uff1aregister_globals\u61c9\u8a72\u662f\uff1aON\u6216\u662fOFF\u7684\u7591\u60d1<\/span><\/span><\/span><\/p>\n

\u8cfc\u7269\u7db2\u7ad9\u67b6\u8a2d\u6642\uff1aOscommerce \u5b89\u88dd\u4e00\u958b\u59cb\uff0c\u82e5\u662f\u539f\u59cb\u78bc register_globals = Off\u662f\u7121\u6cd5\u5b89\u88dd\u7684\u3002<\/span><\/p>\n

<\/span><\/span>\u5982\u679c\u4f60\u662f\u79df\u7528\u865b\u64ec\u4e3b\u6a5f\uff08\u4e0d\u80fd\u81ea\u5df1\u4fee\u6539php.ini\u6642\uff09\u4e0d\u59a8\u8003\u616e\u5b89\u88dd\uff1aTwe-Commercs
\u56e0\u70baTwe-Commercs\u525b\u597d\u76f8\u53cd\uff01register_globals = Off\u662f\u53ef\u4ee5\u5b89\u88dd\u7684\uff01<\/span><\/span><\/span><\/span><\/strong><\/span><\/p>\n

\u8cfc\u7269\u7db2\u7ad9\u67b6\u8a2d\u6642\uff1aZenCart \u5b89\u88dd\u4e00\u958b\u59cb\uff0c\u82e5\u662f\u539f\u59cb\u78bc register_globals = On \u6703\u51fa\u73fe\u5b89\u5168\u554f\u865f\u3002<\/span><\/span><\/span><\/p>\n

\u5165\u53e3\u5167\u5bb9\u7ad9\u67b6\u8a2d\u6642\uff1aJoomla \u5b89\u88dd\u4e00\u958b\u59cb\uff0c\u82e5\u662f\u539f\u59cb\u78bc register_globals = On  \u662f\u7121\u6cd5\u5b89\u88dd\u7684\u3002<\/span><\/span><\/span><\/p>\n

\u90a3 register_globals \u61c9\u8a72\u662f\uff1aON\u6216\u662fOFF\u624d\u597d\u5462\uff1f<\/span><\/span><\/span><\/p>\n

\u7528Google\u641c\u5c0b\u5230\u9019\u7bc7\u6587\u7ae0\uff0c\u6216\u8a31\u53ef\u4ee5\u89e3\u958b\u5927\u5bb6\u7684\u7591\u60d1\u3002<\/span><\/span><\/span><\/p>\n

2006-09-05 PHP\u591a\u9805\u672a\u6307\u660e\u7684\u6f0f\u6d1e ( \u8cc7\u6599\u4f86\u6e90\uff1aSecurityFocus )
<\/span><\/span>PHP \u5728zend_hash_del()\u7684\u529f\u80fd\u4e2d\u767c\u73fe\u4e00\u500b\u5f31\u9ede\u3002\u5c0d\u65bc\u4fe1\u4efb\u4f7f\u7528unset\u51fd\u6578\u7684PHP\u7a0b\u5f0f\uff0c\u653b\u64ca\u8005\u53ef\u4ee5\u7528\u66b4\u529b\u6cd5\u50b3\u905e\u4efb\u610f\u521d\u59cb\u5316\u7684\u51fd\u6578\u3002
\u9019\u500b\u6f0f\u6d1e\u5c0d\u65bc\u5c07\u53c3\u6578register_globals\u9810\u8a2d\u70ba\u300c\u958b\u555f(enable) \u300d\u7684\u7cfb\u7d71\u5f71\u97ff\u7279\u5225\u660e\u986f\uff0c\u5728Red Hat Enterprise Linux\u4e2dregister_globals\u9810\u8a2d\u6210\u300c\u95dc\u9589 (disable)<\/span><\/span><\/span><\/span><\/p>\n

\u56e0\u6b64\u8981\u628aregister_globals\u8a2d\u70baOn\uff0c\u53c8\u80fd\u5b89\u88dd\u6216\u662f\u4f7f\u7528Oscommerce\uff0c\u53ef\u4ee5\u4e0b\u8f09patch\u6a94\u5f8c\u8986\u84cb\u3002<\/span><\/span><\/span><\/p>\n

\u5b83\u7684 readme \u8aaa\u660e\u6a94\u5982\u4e0b:<\/span><\/span><\/span><\/p>\n

\u5f15\u7528:
CHANGES TO REMOVE register_globals REQUIREMENT – V 1.5 – Richard Bentley 01\/09\/2006
———————————————————————————–<\/span><\/span><\/span><\/p>\n

Before proceding, read the README file !<\/span><\/span><\/span><\/p>\n

In this directory, you will find a set of files that have been pre-patched. The net result
is exactly the same as applying the patch instructions yourself.<\/span><\/span><\/span><\/p>\n

There are 13 files in total that have replacements. These are as follows :<\/span><\/span><\/span><\/p>\n

Admin…
———
…\/admin\/products_attributes.php
…\/admin\/includes\/application_top.php
…\/admin\/includes\/functions\/general.php
…\/admin\/includes\/functions\/sessions.php<\/span><\/span><\/span><\/p>\n

On a default installation of OSC, the 'admin' directory is actually contained within the
'catalog' directory (ie …\/catalog\/admin\/), but I have split it out here to make the
division clearer (as an aside, you will find that if you move admin\/ out of catalog\/,
it makes the admin section somewhat more straightforward to secure, but this is outside
the scope of this patch)<\/span><\/span><\/span><\/p>\n

Catalogue…
————
…\/catalog\/install\/includes\/application.php<\/span><\/span><\/span><\/p>\n

NOTE: If you have already installed OSC (ie – run through the installation procedure),
—- then the above file may not exist (in which case you should not add it back in
with the replacement file); once installation of OSC is complete, you should
delete the whole of the …\/catalog\/install\/ directory – it is not needed after
installation and having it hanging around is a security risk<\/span><\/span><\/span><\/p>\n

…\/catalog\/includes\/application_top.php
…\/catalog\/include\/classes\/order.php
…\/catalog\/includes\/functions\/general.php
…\/catalog\/includes\/functions\/gzip_compression.php
…\/catalog\/includes\/functions\/sessions.php
…\/catalog\/includes\/languages\/english\/password_forgotten.php
…\/catalog\/includes\/languages\/espanol\/password_forgotten.php
…\/catalog\/includes\/languages\/german\/password_forgotten.php<\/span><\/span><\/span><\/p>\n

NOTE: I have NOT included a pre-patched version of the easypopulate file. This is because
—- it will probably be out of date by the time you read this. Instead, if you need to
patch easypopulate (if it STILL needs patching, and by now it really should have been
reworked so that it doesn't need patching) then refer to the manual patching
instructions (the very last entry in the admin_patch text file will tell you what
you need to do – it's very simple… honest)<\/span><\/span><\/span><\/p>\n

=======================================================
>>> WARNING <<<<\/span><\/span><\/span><\/p>\n

These files are based on the MS 2.2 release, dated 17\/09\/2006 (ie – the
security\/bugfix update #2 to the original MS 2.2). If you are using some other version
of OSC then I strongly suggest you apply this patch manually and NOT use these pre-patched
files. The exception to this is the security\/bugfix release 13\/11\/2005; it is ok
to patch this version directly with these files; see the README file for more details<\/span><\/span><\/span><\/p>\n

=======================================================
>>> WARNING <<<<\/span><\/span><\/span><\/p>\n

If you have already applied some other changes (contributions\/patches) to your OSC code
then make sure you are not blatting over those changes by copying these files over. If in
doubt then I strongly suggest you use the manual instructions in the 'patch_instructions'
directory and apply the patch line by line; despite what many people say, it really
doesn't take very long – it took me about 20 minutes!<\/span><\/span><\/span><\/p>\n

=======================================================
INSTALLATION
————<\/span><\/span><\/span><\/p>\n

1\/ Copy the above files to their appropriate places in your existing OSC code tree<\/span><\/span><\/span><\/p>\n

2\/ Make sure you set the permissions of the replacement files appropriately for the
environment you are using. If you fancy getting the shit hacked out of you then
feel free to set permissions of '777'. If you fancy something a tad more secure
then I suggest engaging brain and thinking about it \ud83d\ude42
If you don't KNOW how to set some sensible file pemissions then find yourself
a good text book and learn how to use your computer<\/span><\/span><\/span><\/p>\n

3\/ It's been mentioned in the README file already, but once you have made this
change, you MUST disable the register_globals option in php.ini<\/span><\/span><\/span><\/p>\n

ie, in php.ini :<\/span><\/span><\/span><\/p>\n

register_globals = Off<\/span><\/span><\/span><\/p>\n

=======================================================<\/span><\/span><\/span><\/p>\n

\u53c3\u8003\u4e0b\u8f09\u7db2\u9801\uff1a<\/span> <\/span><\/span><\/span>http:\/\/www.oscommerce.com\/community\/contributions,2097\/category,all\/search,register_globals<\/span><\/span><\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u89e3\u958b\uff1aregister_globals\u61c9\u8a72\u662f\uff1aON\u6216\u662fOFF\u7684\u7591\u60d1 \u8cfc\u7269\u7db2\u7ad9\u67b6\u8a2d\u6642\uff1aOscommerce \u5b89\u88dd […]<\/p>\n","protected":false},"author":1,"featured_media":625,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[22],"tags":[],"_links":{"self":[{"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/posts\/45"}],"collection":[{"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/comments?post=45"}],"version-history":[{"count":0,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/posts\/45\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/media\/625"}],"wp:attachment":[{"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/media?parent=45"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/categories?post=45"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/por.tw\/sale\/wp-json\/wp\/v2\/tags?post=45"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}