> One interesting thing that I saw was how phpPgAdmin deals with
> register_globals=off.  With a few lines of code they adapted their
> entire application to work with either setting.  Security-wise, I don't
> know if it was the bast way to go about things, but it worked for me
> since I really needed the application to work right away.  I don't have
> the code in front of me right now, but I will post it if you like.

I would guess that they, via code, registered their globals manually;
something like this:

<?php // register_globals.php

$superglobals = array('_SERVER', '_GET', '_POST', '_COOKIE', '_SESSION');

foreach($superglobals as $superglobal)
{
  extract($$superglobal);
}

?>


each script that depends on register_globals = on would then simply:

require_once('register_globals.php');


I remember posting a code snippet like this (but not quite the same) to the
list a long time ago:

  http://p2p.wrox.com/archive/beginning_php/2002-05/73.asp


This will get most of your register_globals = on dependent scripts to work.
The reason I say *most* and not *all* is because there are situations where a
script can depend on the order the superglobals are extracted; variable naming
conflicts come to mind.

Take care,

Nik