karwacki Posted December 22, 2010 Share Posted December 22, 2010 My local IT department is migrating to a "hardened" LAMP/PHP environment. The PHP application at http://library.uww.edu/php/showrp.php is being moved to this new "hardened" environment and the "Title/Subject/Issue:" search option does not work in this environment. The "Title/Subject/Issue:" search option does however work within the "non-hardened" environment at http://library.uww.edu/php/showrp.php. Attached is the source code for the showrp.php. What is likely causing the failure of the "Title/Subject/Issue:" search option. [attachment deleted by admin] Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/ Share on other sites More sharing options...
BlueSkyIS Posted December 22, 2010 Share Posted December 22, 2010 we need more than "does not work". what doesn't work? are there any errors? what happens? Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1150459 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 I have attached the error report. From PHP 5.0.3 and after, predefined arrays such HTTP_GET_VARS are disabled by default. My IT department will NOT change the value of the "register_long_arrays" setting to "On" (due to performance issues). The IT department suggested a search-n-replace to change “$HTTP_GET_VARS” with “$_GET” or “$HTTP_POST_VARS” with “$_POST.” This did not work. So the problem has been re-defined as the need to change how HTTP_GET_VARS and HTTP_POST_VARS are being handled (as shared in the original source code). Any ideas? [attachment deleted by admin] Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153057 Share on other sites More sharing options...
Pikachu2000 Posted December 30, 2010 Share Posted December 30, 2010 Best guess without seeing the code would be that register_globals was also on in the old environment. Thus, as a result of it not being on in the new environment, none of the variables derived from POST and GET are assigned values any longer. Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153069 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 The source code was an attachment to my first e-mail message and I have pasted it below as well. <?php @ require ("xx.xxx.php"); $limit = 50; $pageLimit = 20; $t = " "; $CLASS = 'lib'; $defineArt = 'Title'; if (!$page = $HTTP_GET_VARS ) { $page = 1; } $start = ($page - 1) * $limit; $title = htmlspecialchars($HTTP_GET_VARS[title]); $cleantitle = stripslashes($title); $name = htmlspecialchars($HTTP_GET_VARS[nom]); $cleanname = stripslashes($name); $browse = htmlspecialchars($HTTP_GET_VARS[browse]); // (roles Author Compiler Illustrator Photographer Subject VIP) use. $descrip = array("a" => "Illustrations", "b" => "Photographs", "c" => "Portraits", "d" => "Maps", "e" => "Charts", "f" => "Music", "g" => "Forms", "h" => "Facsimiles", "i" => "Plans", "j" => "GenealTables", "k" => "Samples"); // OPEN MYSQL CONNECTION $conn = mysql_connect($host, $user, $pass); mysql_select_db($db, $conn); // ARRAY DISTINCT DECADES YEARS MONTHS DAYS $year_q = @ mysql_query("select distinct YMD from xxxxxxxx1 order by YMD"); while ($rw = mysql_fetch_row($year_q)) { $ymd[] = $rw[0]; } foreach($ymd as $y_m_d) { list($y, $m, $d) = split("-", $y_m_d); $de = substr($y, 0, 3); $dec_yr_mon_day[$de][$y][$m][] = $d; } //PAGE TITLE $page_title = "Royal Purple Index: "; if ($title || $name) { $page_title .= "Search("; if ($title) { $page_title .= " $cleantitle"; } if ($name) { $page_title .= " $cleanname"; } $page_title .= " )"; } else if ($browse) { if (strlen($browse) == 3) { $page_title .= $browse.'0s'; } else { $page_title .= $browse; } } else { $page_title .= substr(end($ymd), 0, 3).'0s '; } $page_title .= " / Page $page"; $WHERE = ""; if ($title) { $WHERE = "WHERE (xxxxxxxx1.ArticleTitle LIKE '"; if ($HTTP_GET_VARS[stype] != "^") { $WHERE .= "%"; } $WHERE .= "$title%' OR xxxxxxxx1.ArticleSubtitle LIKE '%$title%' OR xxxxxxxx1.Subject1 LIKE '%$title%' OR xxxxxxxx1.Subject2 LIKE '%$title%' OR xxxxxxxx1.Subject3 LIKE '%$title%' OR xxxxxxxx1.YMD LIKE '%$title%' OR xxxxxxxx1.Notes LIKE '%$title%')"; } if ($name) { $name = trim($name," .\n"); $name = preg_replace("/[\s,\.]+/",',',$name); list($Lname,$Fname,$Mname) = split("[,. ]", $name); $Lname=trim($Lname); if ($WHERE != "") { $WHERE .= " AND xxxxxxx2.LastName LIKE '"; } else { $WHERE = "WHERE xxxxxxx2.LastName LIKE '"; } $WHERE = "INNER JOIN xxxxxxx2 USING(ID) ".$WHERE; if ($_GET[role] == "r") { $more = "(xxxxxxx2.Role LIKE '%Subject%' OR xxxxxxx2.Role LIKE '%VIP%')"; } else { $more = "xxxxxxx2.Role NOT LIKE '%Subject%' AND xxxxxxx2.Role NOT LIKE '%VIP%'"; } if ($Mname) { $Mname = trim($Mname); $Fname = trim($Fname); $WHERE .= "$Lname%' AND xxxxxxx2.FirstName LIKE '$Fname%' AND xxxxxxx2.MIddleInitial LIKE '$Mname%' AND $more"; } else if ($Fname) { $Fname = trim($Fname); $WHERE .= "$Lname%' AND xxxxxxx2.FirstName LIKE '$Fname%' AND $more"; } else { $WHERE .= "$Lname%' AND $more"; } } if ($title == '' && $name == '' && $browse == '') { $browse = substr(end($ymd), 0, 3); } if ($browse != "") { $WHERE = "WHERE xxxxxxxx1.YMD "; $WHERE .= "LIKE '$browse%'"; } // else if ($title == '' && $name == '' && $browse == '') { // $browse = substr(end($ymd), 0, 3); // } $WHERE .= " ORDER BY xxxxxxxx1.YMD DESC, xxxxxxxx1.ArticleTitle ASC"; $role_value = ""; if ($HTTP_GET_VARS[role] == "r") { $role_value = "checked='checked' "; } $main_content = <<< EOF <!-- BEGIN MAIN CONTENT HERE --> <div><!--BEGIN xxxxxx4 --> <form method="get" name="search" id="search_x" action="<?php echo $PHP_SELF;?>"> <table style="margin-left: auto; margin-right: auto;"> <tr> <td> <label for="title" accesskey="T">Title/Subject/Issue: </label> <input type="text" size="40" name="title" id="title" value="$cleantitle" /> </td> <td> <label for="nom" accesskey="A">Name: </label> <input type="text" size="40" name="nom" id="nom" value="$cleanname" /> </td> </tr> <tr> <td> Issue: YYYY-MM-DD numeric date format </td> <td> Name: Lastname, Firstname. Default as Author, Photographer, Illustrator, etc. </td> </tr> <tr> <td> </td> <td> <label for="role">as Subject: </label> <input type="checkbox" name="role" id="role" value="r" $role_value /> </td> </tr> <tr> <td colspan="2" style="text-align: right; padding-right: 5em;"><input type="submit" value="search" /><input type="button" value="Reset" onclick="clearAll()" /> </td> </tr> </table> </form> <h1>Royal Purple Index: Electronic & Print</h1> EOF; $decadeYear = buildNav($browse,$dec_yr_mon_day); $main_content .='<div id="info"><h4><a href="http://www.royalpurplenews.com">Most current issue of Royal Purple</a></h4></div>'; $main_content .='<div id="RPresults">'; $main_content .=$decadeYear; if ($WHERE != "") { $query = "SELECT DISTINCT xxxxxxxx1.ID, xxxxxxxx1.ArticleTitle, xxxxxxxx1.ArticleSubtitle, xxxxxxxx1.Volume, xxxxxxxx1.Issue, xxxxxxxx1.YMD, xxxxxxxx1.SectionTitle, xxxxxxxx1.Pages, xxxxxxxx1.Descr, xxxxxxxx1.Subject1, xxxxxxxx1.Subject2, xxxxxxxx1.Subject3, xxxxxxxx1.Notes FROM xxxxxxxx1 $WHERE"; //H2RESULTS if ($HTTP_GET_VARS[showall] != "true") { $query .= " LIMIT $start,$limit"; } else {$start = '0';} $result = @ mysql_query($query); $date = mysql_result(mysql_query("SELECT Last FROM xxxxxxx3 WHERE ID = '1'"), 0); $totalCount = @ mysql_result(mysql_query("SELECT COUNT(DISTINCT xxxxxxxx1.ID) FROM xxxxxxxx1 $WHERE"), 0); $count = @ mysql_num_rows($result); if ($HTTP_GET_VARS[showall] == "true") { $page_title = substr($page_title,0,strrpos($page_title,"/")+2); $page_title .=$totalCount." Results"; } if($totalCount < $count) {$count = $totalCount;} if ($count != 0) { if ($title || $name) { $h2results = "<h2>Results (".($start + 1)."-".($start + $count)." of $totalCount) <br /> for "; if ($title) { $h2results .= " Title: <i>$cleantitle</i>"; } if ($name) { $h2results .= " Name: <i>$cleanname</i>"; } $h2results .= "</h2>"; } else { $h2results = "<h1>"; $h2results = "<h2>Results (".($start + 1)."-".($start + $count)." of $totalCount) <br /> for "; if(strlen($browse) == 3) {$h2results .= $browse.'0s';} else {$h2results .=$browse;} $h2results .= "</h2>"; } $out=$h2results.'</div><!-- navbar -->'; //SHOWALLFORM if ($totalCount >= $limit && $HTTP_GET_VARS[showall] != "true") { if(strlen($browse) != 3) { $showallform = "<div id=\"showallform\"><form method='get' action='".$_SERVER['PHP_SELF']."' style='padding: 0; margin: 0;'>Result pages (".(ceil($totalCount / $limit))."): "; foreach (array_keys($HTTP_GET_VARS) as $tmpArray) { $showallform .= "<input type='hidden' name='$tmpArray' value='".$HTTP_GET_VARS[$tmpArray]."' />"; } // foreach array_keys $showallform .= "<input type='hidden' id='sum' name='sum' value=".$totalCount." /><input type='hidden' name='showall' value='true' /><input id='submitall' type='submit' value='Show all' /></form>"; } elseif(strlen($browse) == 3) { $showallform = "<div id=\"showallform\">Result pages (".(ceil($totalCount / $limit))."): <br />"; } if ($page <= 1) { $pageStart= 0; } else { $showallform .= buildLink($page - 1, "Previous")." | "; } $pageStart = $page - ($pageLimit / 2) - 1; if ($pageStart < 1) { $pageStart = 0; }; for ($i = $pageStart; $i < ($page + ($pageLimit / 2) - 5) && $i * $limit < $totalCount; $i++) { if ($i != $pageStart) { $showallform .= " | "; } if ($page != ($i + 1)) { $showallform .= buildLink($i + 1); } else { $showallform .= "<strong>".($i + 1)."</strong>"; } } //for $i if ($page * $limit < $totalCount) { $showallform .= " | ".buildLink($page + 1, "Next"); } $showallform .= "</div><!-- showallform -->"; } // if $totalCount $out .= $showallform."<br />"; //TABLE $out .= "\n<table id='rparts' cellspacing='0' border='1' summary =' '><tr><th style='width: 50%'>RP Article</th><th><div id='lft'>Subjects/Names</div><div id='rte'>*=important</div></th></tr>\n"; $lastrpID=""; while ($row = mysql_fetch_row($result)) { $ID = $row[0]; if($ID != $lastrpID) { $ArticleTitle = $row[1]; $ArticleSubtitle = $row[2]; $Volume = trim($row[3]); $Issue = trim($row[4]); $YMD = $row[5]; $SectionTitle = $row[6]; $Pages = $row[7]; $Descr = trim($row[8]); $Subject1 = trim($row[9]); $Subject2 = trim($row[10]); $Subject3 = trim($row[11]); $Notes = trim($row[12]); $span = ""; if(!$SectionTitle) {$SectionTitle='';$slash="";} else {$slash=' / ';} $out .= " <tr ><td><dl><dt>$defineArt</dt><dd>$ArticleTitle"; if ($ArticleSubtitle) { $out .= " ($ArticleSubtitle)"; } $out .='</dd>'; $out .= "<dt>Royal Purple $YMD</dt>"; //want to insert authors here $p1query = "SELECT * FROM xxxxxxx2 WHERE ID='$ID' and Role not like upper('%Subject%') and Role not like upper('%VIP%') order by LastName"; $p1result = mysql_query($p1query); // // 0 ID; 1 LastName; 2 FirstName; 3 MiddleInitial; 4 NickName; 5 Role // // while ($p1row = mysql_fetch_row($p1result)) { // $P1LastName = trim($p1row[1]); // if ($p1row[2] != "") { // $P1LastName .=", $p1row[2] $p1rowp[3] $p1row[5]"; // } // else { // $P1LastName .= " $p1row[5]"; // } // $out .= "<dd>$P1LastName</dd>"; // } //while $p1row // // 0 ID; 1 LastName; 2 FirstName; 3 MiddleInitial; 4 NickName; 5 Role while ($p1row = mysql_fetch_row($p1result)) { $P1LastName = "$p1row[5] ".trim($p1row[1]); if ($p1row[3] != '') { $P1LastName .= ", $p1row[2] $p1row[3]"; } else if ($p1row[2] != "") { $P1LastName .= ", $p1row[2]"; } else { $P1LastName .= ""; } $out .= "<dd>$P1LastName</dd>"; } //While $p1row if ($Volume) { $out .= "<dd>vol. $Volume";} if ($Issue) { $out .= ", issue $Issue";} if ($Volume || $Issue) {$out .= "</dd>";} if ($Pages) { $out .= "<dd>Page $Pages$slash$SectionTitle</dd>";} if ($Descr) { $subdesc = preg_split('//', $Descr, -1, PREG_SPLIT_NO_EMPTY); $out .= "<dd>"; foreach ($subdesc as $val) { $out .= "$descrip[$val]. "; } $out .="</dd>"; } if ($Notes) {$out .= "<dt>Note</dt><dd>$Notes</dd>";} $out .= "</dl></td><td>\n"; if ($Subject1) {$br ='<br />';} else {$br='';} if ($Subject1) {$out .= "<dl><dt>Subjects:</dt><dd><ol><li>$Subject1</li>";} if ($Subject2) {$out .= "<li>$Subject2</li>";} if ($Subject3) {$out .= "<li>$Subject3</li>";} $pquery = "SELECT DISTINCT * FROM xxxxxxx2 WHERE ID='$ID' and (Role like upper('%Subject%') or Role like upper('%VIP%')) order by LastName"; $presult = mysql_query($pquery); $lastID = ""; // while ($prow = mysql_fetch_row($presult)) { // $PLastName = trim($prow[1]); // if ($prow[2] != "") { // $PLastName .=", $prow[2]"; // } // // $PID = $prow[0]; // if ($lastID != $PID) { // if ($lastID != "") { $out .= "</ol></dd></dl></td></tr><tr >\n"; } // $vip=trim($prow[5]); // if($vip !='VIP') {$vip="";} else {$vip="*";} // $out .= "</ol></dd><dt>Names as Subject:</dt><dd><ol><li>$PLastName$vip</li>"; // } // // else { $out .= "<li>$PLastName$vip</li>"; } // // $lastID = $PID; // // } //while $prow // while ($prow = mysql_fetch_row($presult)) { $PLastName = trim($prow[1]); if ($prow[3] != "") { $PLastName .= ", $prow[2] $prow[3]"; } else if ($prow[2] != "") { $PLastName .= ", $prow[2]"; } $PID = $prow[0]; if ($lastID != $PID) { if ($lastID != "") { $out .= "</ol></dd></dl></td></tr><tr >\n"; } $vip = trim($prow[5]); if ($vip != 'VIP') { $vip = ""; } else { $vip = "*"; $PLastName = trim($PLastName); } $out .= "</ol></dd><dt>Names as Subject:</dt><dd><ol><li>$PLastName$vip</li>"; } else { $out .= "<li>$PLastName$vip</li>"; } $lastID = $PID; } //while $prow $out .= "</ol></dd></dl></td>\n </tr>\n"; } //if $ID $lastrpID = $ID; } //while $row $out .= "</table><br />"; //SHOWALLFORMB, H2RESULTS, NAVBARB:decadeYear, $showallform = str_replace("showallform","showallformB",$showallform); $showallform .= $h2results; $out .= $showallform; $search=array('navbar','decade','year','month','day','myform'); $replace=array('navbarB','decadeB','yearB','monthB','dayB','myformB'); $decadeYear = str_replace($search,$replace,$decadeYear); $decadeYear .='</div><!-- navbarB --><br />'; $out .= $decadeYear; } // if $count!=0 else { $out .= "<br /><span id='big'>No records found</span></div><!-- navbar -->"; } } // if WHERE else { $out .= "<br /><span id='big'>No records found</span></div><!--navbar -->"; } $main_content .= $out."</div><!-- end of rpResults -->"; include('rp.tmpl.php'); function buildLink($linkPage, $title="") { if ($title == "") { $title = $linkPage; } global $HTTP_GET_VARS; if ($title == "") { $title = $linkPage; } $lReturn = "<a href='xxxxxx4.php?"; foreach (array_keys($HTTP_GET_VARS) as $tmpArray) { if ($tmpArray != "page") { $lReturn .= "$tmpArray=$HTTP_GET_VARS[$tmpArray]&"; } } if ($title == "(Show All)") { $lReturn .= "showall=true"; } else { $lReturn .= "page=$linkPage"; } $lReturn .= "'>$title</a>"; return $lReturn; } function buildNav($browse,$dec_yr_mon_day) { $startselect1 = '<div id="navbar"><form action="xxxxxx4.php" method="get" id="myform" name="myform">Decade: <select name="decade" id="decade">'; $startselect2 =" Year: <select name=\"year\" id=\"year\">"; $startselect3 =" Month: <select name=\"month\" id=\"month\">"; $startselect4 =" Day: <select name=\"day\" id=\"day\">"; $endselect1 = '</select>'; $endselect2 = '</select>'; $endselect3 = '</select>'; $endselect4 = '</select>'; $endform = '</form>'; $ddd=array_keys($dec_yr_mon_day); $yy=''; $mm=''; $dd=''; $all_select_yy='All'; $all_select_mm='All'; $all_select_dd='All'; switch (strlen($browse) ) { case 0: $end_ddd=''; break; case 3: //DDD DECADE $end_ddd=$browse; $all_select_yy='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $end_yy=end($yy); break; case 4: //YYYY YEAR $end_ddd=substr($browse,0,3); $end_yy=$browse; $all_select_mm='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $end_mm = end($mm); break; case 7: //YYYY-MM MONTH list($end_yy,$end_mm)=split('-',$browse); $end_ddd=substr($end_yy,0,3); $all_select_dd='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $dd=$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; $end_dd=end($dd); break; case 10: //YYYY-MM-DD DAY list($end_yy,$end_mm,$end_dd)=split('-',$browse); $end_ddd=substr($end_yy,0,3); $all_select_dd='All'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm=array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $dd=$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; break; } $all_ddd='<option value="'.end($ddd).'">Select</option>'; $all_yy='<option value="'.$end_ddd.'">'.$all_select_yy.'</option>'; $all_mm='<option value="'.$end_yy.'">'.$all_select_mm.'</option>'; $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">'.$all_select_dd.'</option>'; if($ddd) { foreach($ddd as $dec){ $select1 .= '<option value="'.$dec.'" '.($end_ddd==$dec?'selected="selected"':null).'>'.$dec.'0s'.'</option>'; if($end_ddd==$dec) { $all_ddd=''; } } } if(!$yy) { $all_yy=''; $startselect2=''; $endselect2=''; $select2 =' Years: <input type="text" name="year" id="year" size="3" value="All" readonly="readonly" />'; } else { foreach($yy as $yr) { $select2 .= '<option value="'.$yr.'" '.($browse==$yr?'selected="selected"':null).'>'.$yr.'</option>'; if(count($yy) == 1) { $browse=$yr; $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $end_mm = end($mm); $all_yy=''; $startselect2=''; $endselect2=''; $select2 =' Year: <input type="text" name="year" id="year" size="4" value="'.$yr.'" readonly="readonly" />'; } } } if(!$mm) { $all_mm=''; $startselect3=''; $endselect3=''; $select3 =' Months: <input type="text" name="month" id="month" size="3" value="All" readonly="readonly" />'; } else { foreach($mm as $mon) { $check=$browse; if(strlen($browse)>7) {$check=$end_yy.'-'.$end_mm;} $select3 .= '<option value="'.$end_yy.'-'.$mon.'" '.($check==$end_yy.'-'.$mon?'selected="selected"':null).'>'.$mon.'</option>'; if(count($mm) == 1) { $dd =$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; $end_dd=end($dd); $all_mm=''; $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">Select</option>'; $startselect3=''; $endselect3=''; $select3 =' Month: <input type="text" name="month" id="month" size="2" value="'.$mon.'" readonly="readonly" />'; } } } if(!$dd) { $all_dd=''; $startselect4=''; $endselect4=''; $select4 =' Days: <input type="text" name="day" id="day" size="3" value="All" readonly="readonly" />'; } else { foreach($dd as $day) { $select4 .= '<option value="'.$end_yy.'-'.$end_mm.'-'.$day.'" '.($browse==$end_yy.'-'.$end_mm.'-'.$day?'selected="selected"':null).'>'.$day.'</option>'; if(count($dd)==1) { $all_dd=''; $startselect4=''; $endselect4=''; $select4 =' Day: <input type="text" name="day" id="day" size="2" value="'.$day.'" readonly="readonly" />'; } else if(strlen($browse)==10){ $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">All</option>'; } } } $navbar.= $startselect1.$all_ddd.$select1.$endselect1; $navbar.= $startselect2.$all_yy.$select2.$endselect2; $navbar.= $startselect3.$all_mm.$select3.$endselect3; $navbar.= $startselect4.$all_dd.$select4.$endselect4.$endform; return($navbar); } ?> MOD EDIT: . . . tags added. Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153073 Share on other sites More sharing options...
Pikachu2000 Posted December 30, 2010 Share Posted December 30, 2010 What is the new set of errors you're getting? Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153075 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 If I change change “$HTTP_GET_VARS” to “$_GET” and “$HTTP_POST_VARS” to “$_POST,” the notices and warnings are: Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 23 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 28 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 30 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 32 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 136 Notice: Undefined variable: PHP_SELF in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 150 Notice: Undefined variable: end_mm in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 564 Notice: Undefined variable: select1 in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 568 Notice: Undefined variable: select2 in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 582 Notice: Undefined variable: navbar in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 635 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 211 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 221 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 251 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153081 Share on other sites More sharing options...
Pikachu2000 Posted December 30, 2010 Share Posted December 30, 2010 What are the chances you accidentally changed $HTTP_GET_VARS to $GET instead of $_GET ? Also, since $_SERVER['PHP_SELF'] presents a known XSS vulnerability, and $PHP_SELF has the same problem and is deprecated, you should change the form's action attribute so the <form> tag reads: <form method="get" name="search" id="search_x" action=""> Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153082 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 Be confident that all of the $HTTP_GET_VARS were changed to $_GET (versus $GET). I also changed <form method="get" name="search" id="search_x" action="<?php echo $PHP_SELF;?>"> to <form method="get" name="search" id="search_x" action="">. The notice warning messages read: Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 23 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 28 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 30 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 32 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 136 Notice: Undefined variable: end_mm in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 564 Notice: Undefined variable: select1 in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 568 Notice: Undefined variable: select2 in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 582 Notice: Undefined variable: navbar in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 635 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 211 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 221 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 251 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Notice: Undefined variable: GET in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: array_keys(): The first argument should be an array in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Warning: Invalid argument supplied for foreach() in /xxx/www/xxxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 467 Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153091 Share on other sites More sharing options...
BlueSkyIS Posted December 30, 2010 Share Posted December 30, 2010 can you post the updated code? Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153094 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 See below. <?php @ require ("xx.xxx.php"); ini_set('display_errors',1); error_reporting(E_ALL|E_STRICT); if (!isset($_SERVER)) { $_GET = &$_GET; $_POST = &$_POST; $_ENV = &$HTTP_ENV_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; $_REQUEST = array_merge($_GET, $_POST, $_COOKIE); } $limit = 50; $pageLimit = 20; $t = " "; $CLASS = 'lib'; $defineArt = 'Title'; if (!$page = $GET['page']) { $page = 1; } $start = ($page - 1) * $limit; $title = htmlspecialchars($GET['title']); $cleantitle = stripslashes($title); $name = htmlspecialchars($GET['nom']); $cleanname = stripslashes($name); $browse = htmlspecialchars($GET['browse']); // (roles Author Compiler Illustrator Photographer Subject VIP) use. $descrip = array("a" => "Illustrations", "b" => "Photographs", "c" => "Portraits", "d" => "Maps", "e" => "Charts", "f" => "Music", "g" => "Forms", "h" => "Facsimiles", "i" => "Plans", "j" => "GenealTables", "k" => "Samples"); // OPEN MYSQL CONNECTION $conn = mysql_connect($host, $user, $pass); mysql_select_db($db, $conn); // ARRAY DISTINCT DECADES YEARS MONTHS DAYS $year_q = @ mysql_query("select distinct YMD from xxxxxxxx1 order by YMD"); while ($rw = mysql_fetch_row($year_q)) { $ymd[] = $rw[0]; } foreach($ymd as $y_m_d) { list($y, $m, $d) = split("-", $y_m_d); $de = substr($y, 0, 3); $dec_yr_mon_day[$de][$y][$m][] = $d; } //PAGE TITLE $page_title = "Royal Purple Index: "; if ($title || $name) { $page_title .= "Search("; if ($title) { $page_title .= " $cleantitle"; } if ($name) { $page_title .= " $cleanname"; } $page_title .= " )"; } else if ($browse) { if (strlen($browse) == 3) { $page_title .= $browse.'0s'; } else { $page_title .= $browse; } } else { $page_title .= substr(end($ymd), 0, 3).'0s '; } $page_title .= " / Page $page"; $WHERE = ""; if ($title) { $WHERE = "WHERE (xxxxxxxx1.ArticleTitle LIKE '"; if ($GET['stype'] != "^") { $WHERE .= "%"; } $WHERE .= "$title%' OR xxxxxxxx1.ArticleSubtitle LIKE '%$title%' OR xxxxxxxx1.Subject1 LIKE '%$title%' OR xxxxxxxx1.Subject2 LIKE '%$title%' OR xxxxxxxx1.Subject3 LIKE '%$title%' OR xxxxxxxx1.YMD LIKE '%$title%' OR xxxxxxxx1.Notes LIKE '%$title%')"; } if ($name) { $name = trim($name," .\n"); $name = preg_replace("/[\s,\.]+/",',',$name); list($Lname,$Fname,$Mname) = split("[,. ]", $name); $Lname=trim($Lname); if ($WHERE != "") { $WHERE .= " AND xxxxxxx2.LastName LIKE '"; } else { $WHERE = "WHERE xxxxxxx2.LastName LIKE '"; } $WHERE = "INNER JOIN xxxxxxx2 USING(ID) ".$WHERE; if ($_GET[role] == "r") { $more = "(xxxxxxx2.Role LIKE '%Subject%' OR xxxxxxx2.Role LIKE '%VIP%')"; } else { $more = "xxxxxxx2.Role NOT LIKE '%Subject%' AND xxxxxxx2.Role NOT LIKE '%VIP%'"; } if ($Mname) { $Mname = trim($Mname); $Fname = trim($Fname); $WHERE .= "$Lname%' AND xxxxxxx2.FirstName LIKE '$Fname%' AND xxxxxxx2.MIddleInitial LIKE '$Mname%' AND $more"; } else if ($Fname) { $Fname = trim($Fname); $WHERE .= "$Lname%' AND xxxxxxx2.FirstName LIKE '$Fname%' AND $more"; } else { $WHERE .= "$Lname%' AND $more"; } } if ($title == '' && $name == '' && $browse == '') { $browse = substr(end($ymd), 0, 3); } if ($browse != "") { $WHERE = "WHERE xxxxxxxx1.YMD "; $WHERE .= "LIKE '$browse%'"; } // else if ($title == '' && $name == '' && $browse == '') { // $browse = substr(end($ymd), 0, 3); // } $WHERE .= " ORDER BY xxxxxxxx1.YMD DESC, xxxxxxxx1.ArticleTitle ASC"; $role_value = ""; if ($GET['role'] == "r") { $role_value = "checked='checked' "; } $main_content = <<< EOF <!-- BEGIN MAIN CONTENT HERE --> <div><!--BEGIN xxxxxx4 --> <form method="get" name="search" id="search_x" action=""> <table style="margin-left: auto; margin-right: auto;"> <tr> <td> <label for="title" accesskey="T">Title/Subject/Issue: </label> <input type="text" size="40" name="title" id="title" value="$cleantitle" /> </td> <td> <label for="nom" accesskey="A">Name: </label> <input type="text" size="40" name="nom" id="nom" value="$cleanname" /> </td> </tr> <tr> <td> Issue: YYYY-MM-DD numeric date format </td> <td> Name: Lastname, Firstname. Default as Author, Photographer, Illustrator, etc. </td> </tr> <tr> <td> </td> <td> <label for="role">as Subject: </label> <input type="checkbox" name="role" id="role" value="r" $role_value /> </td> </tr> <tr> <td colspan="2" style="text-align: right; padding-right: 5em;"><input type="submit" value="Search" /><input type="button" value="Reset" onclick="clearAll()" /> </td> </tr> </table> </form> <h1>Royal Purple Index: Electronic & Print</h1> EOF; $decadeYear = buildNav($browse,$dec_yr_mon_day); $main_content .='<div id="info"><h4><a href="http://www.royalpurplenews.com">Most current issue of Royal Purple</a></h4></div>'; $main_content .='<div id="RPresults">'; $main_content .=$decadeYear; if ($WHERE != "") { $query = "SELECT DISTINCT xxxxxxxx1.ID, xxxxxxxx1.ArticleTitle, xxxxxxxx1.ArticleSubtitle, xxxxxxxx1.Volume, xxxxxxxx1.Issue, xxxxxxxx1.YMD, xxxxxxxx1.SectionTitle, xxxxxxxx1.Pages, xxxxxxxx1.Descr, xxxxxxxx1.Subject1, xxxxxxxx1.Subject2, xxxxxxxx1.Subject3, xxxxxxxx1.Notes FROM xxxxxxx1 $WHERE"; //H2RESULTS if ($GET['showall'] != "true") { $query .= " LIMIT $start,$limit"; } else {$start = '0';} $result = @ mysql_query($query); $date = mysql_result(mysql_query("SELECT Last FROM xxxxxxx3 WHERE ID = '1'"), 0); $totalCount = @ mysql_result(mysql_query("SELECT COUNT(DISTINCT xxxxxxxx1.ID) FROM xxxxxxx1 $WHERE"), 0); $count = @ mysql_num_rows($result); if ($GET['showall'] == "true") { $page_title = substr($page_title,0,strrpos($page_title,"/")+2); $page_title .=$totalCount." Results"; } if($totalCount < $count) {$count = $totalCount;} if ($count != 0) { if ($title || $name) { $h2results = "<h2>Results (".($start + 1)."-".($start + $count)." of $totalCount) <br /> for "; if ($title) { $h2results .= " Title: <i>$cleantitle</i>"; } if ($name) { $h2results .= " Name: <i>$cleanname</i>"; } $h2results .= "</h2>"; } else { $h2results = "<h1>"; $h2results = "<h2>Results (".($start + 1)."-".($start + $count)." of $totalCount) <br /> for "; if(strlen($browse) == 3) {$h2results .= $browse.'0s';} else {$h2results .=$browse;} $h2results .= "</h2>"; } $out=$h2results.'</div><!-- navbar -->'; //SHOWALLFORM if ($totalCount >= $limit && $GET['showall'] != "true") { if(strlen($browse) != 3) { $showallform = "<div id=\"showallform\"><form method='get' action='".$_SERVER['PHP_SELF']."' style='padding: 0; margin: 0;'>Result pages (".(ceil($totalCount / $limit))."): "; foreach (array_keys($GET) as $tmpArray) { $showallform .= "<input type='hidden' name='$tmpArray' value='".$GET[$tmpArray]."' />"; } // foreach array_keys $showallform .= "<input type='hidden' id='sum' name='sum' value=".$totalCount." /><input type='hidden' name='showall' value='true' /><input id='submitall' type='submit' value='Show all' /></form>"; } elseif(strlen($browse) == 3) { $showallform = "<div id=\"showallform\">Result pages (".(ceil($totalCount / $limit))."): <br />"; } if ($page <= 1) { $pageStart= 0; } else { $showallform .= buildLink($page - 1, "Previous")." | "; } $pageStart = $page - ($pageLimit / 2) - 1; if ($pageStart < 1) { $pageStart = 0; }; for ($i = $pageStart; $i < ($page + ($pageLimit / 2) - 5) && $i * $limit < $totalCount; $i++) { if ($i != $pageStart) { $showallform .= " | "; } if ($page != ($i + 1)) { $showallform .= buildLink($i + 1); } else { $showallform .= "<strong>".($i + 1)."</strong>"; } } //for $i if ($page * $limit < $totalCount) { $showallform .= " | ".buildLink($page + 1, "Next"); } $showallform .= "</div><!-- showallform -->"; } // if $totalCount $out .= $showallform."<br />"; //TABLE $out .= "\n<table id='rparts' cellspacing='0' border='1' summary =' '><tr><th style='width: 50%'>RP Article</th><th><div id='lft'>Subjects/Names</div><div id='rte'>*=important</div></th></tr>\n"; $lastrpID=""; while ($row = mysql_fetch_row($result)) { $ID = $row[0]; if($ID != $lastrpID) { $ArticleTitle = $row[1]; $ArticleSubtitle = $row[2]; $Volume = trim($row[3]); $Issue = trim($row[4]); $YMD = $row[5]; $SectionTitle = $row[6]; $Pages = $row[7]; $Descr = trim($row[8]); $Subject1 = trim($row[9]); $Subject2 = trim($row[10]); $Subject3 = trim($row[11]); $Notes = trim($row[12]); $span = ""; if(!$SectionTitle) {$SectionTitle='';$slash="";} else {$slash=' / ';} $out .= " <tr ><td><dl><dt>$defineArt</dt><dd>$ArticleTitle"; if ($ArticleSubtitle) { $out .= " ($ArticleSubtitle)"; } $out .='</dd>'; $out .= "<dt>Royal Purple $YMD</dt>"; //want to insert authors here $p1query = "SELECT * FROM xxxxxxx2 WHERE ID='$ID' and Role not like upper('%Subject%') and Role not like upper('%VIP%') order by LastName"; $p1result = mysql_query($p1query); // // 0 ID; 1 LastName; 2 FirstName; 3 MiddleInitial; 4 NickName; 5 Role // // while ($p1row = mysql_fetch_row($p1result)) { // $P1LastName = trim($p1row[1]); // if ($p1row[2] != "") { // $P1LastName .=", $p1row[2] $p1rowp[3] $p1row[5]"; // } // else { // $P1LastName .= " $p1row[5]"; // } // $out .= "<dd>$P1LastName</dd>"; // } //while $p1row // // 0 ID; 1 LastName; 2 FirstName; 3 MiddleInitial; 4 NickName; 5 Role while ($p1row = mysql_fetch_row($p1result)) { $P1LastName = "$p1row[5] ".trim($p1row[1]); if ($p1row[3] != '') { $P1LastName .= ", $p1row[2] $p1row[3]"; } else if ($p1row[2] != "") { $P1LastName .= ", $p1row[2]"; } else { $P1LastName .= ""; } $out .= "<dd>$P1LastName</dd>"; } //While $p1row if ($Volume) { $out .= "<dd>vol. $Volume";} if ($Issue) { $out .= ", issue $Issue";} if ($Volume || $Issue) {$out .= "</dd>";} if ($Pages) { $out .= "<dd>Page $Pages$slash$SectionTitle</dd>";} if ($Descr) { $subdesc = preg_split('//', $Descr, -1, PREG_SPLIT_NO_EMPTY); $out .= "<dd>"; foreach ($subdesc as $val) { $out .= "$descrip[$val]. "; } $out .="</dd>"; } if ($Notes) {$out .= "<dt>Note</dt><dd>$Notes</dd>";} $out .= "</dl></td><td>\n"; if ($Subject1) {$br ='<br />';} else {$br='';} if ($Subject1) {$out .= "<dl><dt>Subjects:</dt><dd><ol><li>$Subject1</li>";} if ($Subject2) {$out .= "<li>$Subject2</li>";} if ($Subject3) {$out .= "<li>$Subject3</li>";} $pquery = "SELECT DISTINCT * FROM xxxxxxx2 WHERE ID='$ID' and (Role like upper('%Subject%') or Role like upper('%VIP%')) order by LastName"; $presult = mysql_query($pquery); $lastID = ""; // while ($prow = mysql_fetch_row($presult)) { // $PLastName = trim($prow[1]); // if ($prow[2] != "") { // $PLastName .=", $prow[2]"; // } // // $PID = $prow[0]; // if ($lastID != $PID) { // if ($lastID != "") { $out .= "</ol></dd></dl></td></tr><tr >\n"; } // $vip=trim($prow[5]); // if($vip !='VIP') {$vip="";} else {$vip="*";} // $out .= "</ol></dd><dt>Names as Subject:</dt><dd><ol><li>$PLastName$vip</li>"; // } // // else { $out .= "<li>$PLastName$vip</li>"; } // // $lastID = $PID; // // } //while $prow // while ($prow = mysql_fetch_row($presult)) { $PLastName = trim($prow[1]); if ($prow[3] != "") { $PLastName .= ", $prow[2] $prow[3]"; } else if ($prow[2] != "") { $PLastName .= ", $prow[2]"; } $PID = $prow[0]; if ($lastID != $PID) { if ($lastID != "") { $out .= "</ol></dd></dl></td></tr><tr >\n"; } $vip = trim($prow[5]); if ($vip != 'VIP') { $vip = ""; } else { $vip = "*"; $PLastName = trim($PLastName); } $out .= "</ol></dd><dt>Names as Subject:</dt><dd><ol><li>$PLastName$vip</li>"; } else { $out .= "<li>$PLastName$vip</li>"; } $lastID = $PID; } //while $prow $out .= "</ol></dd></dl></td>\n </tr>\n"; } //if $ID $lastrpID = $ID; } //while $row $out .= "</table><br />"; //SHOWALLFORMB, H2RESULTS, NAVBARB:decadeYear, $showallform = str_replace("showallform","showallformB",$showallform); $showallform .= $h2results; $out .= $showallform; $search=array('navbar','decade','year','month','day','myform'); $replace=array('navbarB','decadeB','yearB','monthB','dayB','myformB'); $decadeYear = str_replace($search,$replace,$decadeYear); $decadeYear .='</div><!-- navbarB --><br />'; $out .= $decadeYear; } // if $count!=0 else { $out .= "<br /><span id='big'>No records found</span></div><!-- navbar -->"; } } // if WHERE else { $out .= "<br /><span id='big'>No records found</span></div><!--navbar -->"; } $main_content .= $out."</div><!-- end of rpResults -->"; include('rp.tmpl.php'); function buildLink($linkPage, $title="") { if ($title == "") { $title = $linkPage; } global $_GET; if ($title == "") { $title = $linkPage; } $lReturn = "<a href='xxxxxxx4.php?"; foreach (array_keys($GET) as $tmpArray) { if ($tmpArray != "page") { $lReturn .= "$tmpArray=$GET[$tmpArray]&"; } } if ($title == "(Show All)") { $lReturn .= "showall=true"; } else { $lReturn .= "page=$linkPage"; } $lReturn .= "'>$title</a>"; return $lReturn; } function buildNav($browse,$dec_yr_mon_day) { $startselect1 = '<div id="navbar"><form action="xxxxxxx4.php" method="get" id="myform" name="myform">Decade: <select name="decade" id="decade">'; $startselect2 =" Year: <select name=\"year\" id=\"year\">"; $startselect3 =" Month: <select name=\"month\" id=\"month\">"; $startselect4 =" Day: <select name=\"day\" id=\"day\">"; $endselect1 = '</select>'; $endselect2 = '</select>'; $endselect3 = '</select>'; $endselect4 = '</select>'; $endform = '</form>'; $ddd=array_keys($dec_yr_mon_day); $yy=''; $mm=''; $dd=''; $all_select_yy='All'; $all_select_mm='All'; $all_select_dd='All'; switch (strlen($browse) ) { case 0: $end_ddd=''; break; case 3: //DDD DECADE $end_ddd=$browse; $all_select_yy='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $end_yy=end($yy); break; case 4: //YYYY YEAR $end_ddd=substr($browse,0,3); $end_yy=$browse; $all_select_mm='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $end_mm = end($mm); break; case 7: //YYYY-MM MONTH list($end_yy,$end_mm)=split('-',$browse); $end_ddd=substr($end_yy,0,3); $all_select_dd='Select'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $dd=$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; $end_dd=end($dd); break; case 10: //YYYY-MM-DD DAY list($end_yy,$end_mm,$end_dd)=split('-',$browse); $end_ddd=substr($end_yy,0,3); $all_select_dd='All'; $yy=array_keys($dec_yr_mon_day[$end_ddd]); $mm=array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $dd=$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; break; } $all_ddd='<option value="'.end($ddd).'">Select</option>'; $all_yy='<option value="'.$end_ddd.'">'.$all_select_yy.'</option>'; $all_mm='<option value="'.$end_yy.'">'.$all_select_mm.'</option>'; $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">'.$all_select_dd.'</option>'; if($ddd) { foreach($ddd as $dec){ $select1 .= '<option value="'.$dec.'" '.($end_ddd==$dec?'selected="selected"':null).'>'.$dec.'0s'.'</option>'; if($end_ddd==$dec) { $all_ddd=''; } } } if(!$yy) { $all_yy=''; $startselect2=''; $endselect2=''; $select2 =' Years: <input type="text" name="year" id="year" size="3" value="All" readonly="readonly" />'; } else { foreach($yy as $yr) { $select2 .= '<option value="'.$yr.'" '.($browse==$yr?'selected="selected"':null).'>'.$yr.'</option>'; if(count($yy) == 1) { $browse=$yr; $mm =array_keys($dec_yr_mon_day[$end_ddd][$end_yy]); $end_mm = end($mm); $all_yy=''; $startselect2=''; $endselect2=''; $select2 =' Year: <input type="text" name="year" id="year" size="4" value="'.$yr.'" readonly="readonly" />'; } } } if(!$mm) { $all_mm=''; $startselect3=''; $endselect3=''; $select3 =' Months: <input type="text" name="month" id="month" size="3" value="All" readonly="readonly" />'; } else { foreach($mm as $mon) { $check=$browse; if(strlen($browse)>7) {$check=$end_yy.'-'.$end_mm;} $select3 .= '<option value="'.$end_yy.'-'.$mon.'" '.($check==$end_yy.'-'.$mon?'selected="selected"':null).'>'.$mon.'</option>'; if(count($mm) == 1) { $dd =$dec_yr_mon_day[$end_ddd][$end_yy][$end_mm]; $end_dd=end($dd); $all_mm=''; $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">Select</option>'; $startselect3=''; $endselect3=''; $select3 =' Month: <input type="text" name="month" id="month" size="2" value="'.$mon.'" readonly="readonly" />'; } } } if(!$dd) { $all_dd=''; $startselect4=''; $endselect4=''; $select4 =' Days: <input type="text" name="day" id="day" size="3" value="All" readonly="readonly" />'; } else { foreach($dd as $day) { $select4 .= '<option value="'.$end_yy.'-'.$end_mm.'-'.$day.'" '.($browse==$end_yy.'-'.$end_mm.'-'.$day?'selected="selected"':null).'>'.$day.'</option>'; if(count($dd)==1) { $all_dd=''; $startselect4=''; $endselect4=''; $select4 =' Day: <input type="text" name="day" id="day" size="2" value="'.$day.'" readonly="readonly" />'; } else if(strlen($browse)==10){ $all_dd='<option value="'.$end_yy.'-'.$end_mm.'">All</option>'; } } } $navbar.= $startselect1.$all_ddd.$select1.$endselect1; $navbar.= $startselect2.$all_yy.$select2.$endselect2; $navbar.= $startselect3.$all_mm.$select3.$endselect3; $navbar.= $startselect4.$all_dd.$select4.$endselect4.$endform; return($navbar); } ?> MOD EDIT: . . . tags added. Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153101 Share on other sites More sharing options...
Pikachu2000 Posted December 30, 2010 Share Posted December 30, 2010 Starting with the second conditional in the code, there are instances of $GET instead of $_GET . . . Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153104 Share on other sites More sharing options...
karwacki Posted December 30, 2010 Author Share Posted December 30, 2010 Yes, I see your point. My apologies. I made the changes and below is the current listing of notices. Notice: Undefined index: page in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 23 Notice: Undefined index: title in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 28 Notice: Undefined index: nom in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 30 Notice: Undefined index: browse in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 32 Notice: Undefined index: role in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 136 Notice: Undefined variable: end_mm in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 564 Notice: Undefined variable: select1 in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 568 Notice: Undefined variable: select2 in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 582 Notice: Undefined variable: navbar in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 635 Notice: Undefined index: showall in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 211 Notice: Undefined index: showall in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 221 Notice: Undefined index: showall in /xxx/www/xxxxx/xxx/library/xxxxxxxxxxx/showrp.php on line 251 Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153107 Share on other sites More sharing options...
BlueSkyIS Posted December 30, 2010 Share Posted December 30, 2010 you are referencing those indices and variables before they have been defined, before they have been assigned a value or declared. here is one way to fix the first undefined index notice, check to see if it isset before checking it's value: if (isset($_GET['page'])) { $page = $GET['page']; } else { $page = 1; } Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153123 Share on other sites More sharing options...
sasa Posted December 31, 2010 Share Posted December 31, 2010 change $GET to$_GET in line 469 Quote Link to comment https://forums.phpfreaks.com/topic/222418-processing-problem-related-to-hardened-php-environment/#findComment-1153278 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.