[nycphp-talk] Dynamically write functions
Dan Cech
dcech at phpwerx.net
Fri May 13 12:29:08 EDT 2005
Frank,
What you could do is to make a helper function like:
function &get_globals()
{
return array(
'var1' => $GLOBALS['var1'],
'var2' => $GLOBALS['var2']
);
}
then use:
function myfunc()
{
extract(get_globals(),EXTR_REFS);
// code
}
This way you will have all the same access to the variables that you had
before, and full control over which variables are available.
Dan
Frank Wong wrote:
>> Just be careful when using extract() as it is one of those functions you
>> look for when checking for exploitable code. ;) For example, I have
>> seen nasty stuff like extract($_POST) which is register_globals all over
>> again.
>
> Thanks for the heads up on extract. But do you see any security issues
> with extract($_GLOBALS)?
More information about the talk
mailing list