1

I have a PHP script like this:

<?php
include 'authorization_script.php';

foreach ($_POST as $key => $value){
    //do something here
}
?>

The problem is if the "authorization_script.php" is passed a $_POST variable with only a numeric name, the script will crash. Instead of fixing that issue, I just wish to make sure no $_POST variables are ever passed to the include script.

For it to work this "authorization_script" does not need any external variables, but since $_POST variables are global by default, they are passed to this script. It was suggested in one of my previous questions that I can solve this problem with name spaces in PHP.

Could I change the namespace of the $_POST variables so that they are not passed to the include script? If so, can someone help on how to do that? Or is there a better way?

Thx

EDIT: Instead of hacking my way out of this by renamig the $_POST variable, like a few of you have suggested I should fix the real problem. This is an AJAX script inside a Joomla website. When I call this ajax script I still want to authenticate the user, then grade credentials from the local database. The way I found to authenticate users from the AJAX script is like this:

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

I think the error is being thrown form inside the joomla framework script (line 528 on this script).

Any ideas of a better way to authenticate the users from experienced Joomla people?

Improve this question
5
  • 2
    Surely it would just be better to fix the actual problem? Why does your script crash? What error messages are you given? Commented Dec 21, 2011 at 16:26
  • Once you foreach the $_POST array into another array, why don't you just unset($_POST);? Commented Dec 21, 2011 at 16:28
  • @SourLemon The problem is part of the Joomla functions I am calling from "authorization_script.php". For now I would rather not change that. Commented Dec 21, 2011 at 16:33
  • @wanovak - That is not a bad idea. Thanks! Commented Dec 21, 2011 at 16:34
  • now after the update this is a totally new question, you should potentially handle it like that and open a new thread? Commented Dec 21, 2011 at 17:42

3 Answers 3

Reset to default
3

or if you dont want to fix your include script, you could do this awful hack:

<?php
// watch this ugly hack
$post_hack = $_POST;
unset($_POST);
include 'authorization_script.php';
$_POST = $post_hack;

foreach ($_POST as $key => $value){
    //do something here
}
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Could I change the namespace of the $_POST variables so that they are not passed to the include script?

No. Globals are global regardless of namespace.

Or is there a better way?

Fix the include script. You should endeavour to make your code resilient to bad input -- especially code that performs authorization.

Improve this answer

1 Comment

Yes I agree. So although some good hacks were suggested that would probably work, I think I will try to fix the real problem. (see edit above)
0

Right this is very ugly, but should fix it:

<?php
$aPost = $_POST;
unset($_POST);
include 'authorization_script.php';

foreach ($aPost as $key => $value){
    //do something here
}
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.