CHANGE_HISTORY - Register Gloabls - Richard Bentley
--------------

v1.0 - First release

-------------------------------------------------
[v 1.1 - Contributed by Alexander Heim (MasterEmit)]

-------------------------------------------------
v1.1.1 - 22/05/2004

----
I looked at version 1.1. In this there are a couple of changes

The first is to reset the $_SESSION[$variable]. I agree with this change and it is included in this
 version (1.1.1). What I don't understand is why I never came accross this problem myself !

I have not included the change to the variable names stored in $_SESSION. Alexander Heim has
 suggested adding a 'global' name prefix to all variable names so that they don't get confused with
 other variables stored in $_SESSION (at least, that is my understanding). I don't see why this is
 necessary because any variable added to $_SESSION is (by definition) a session variable.
 Therefore, there can't be a possibility of confusion - there is nothing to confuse it with !

If you disagree with me on this point then I suggest you look at v1.1. If you'd like to convince me
 that I am wrong, then I would be interested to hear from you. I'm prepared to have my mind
 changed.

----
Twan (Deodupke) posted up an error being generated from one of the loops that register variables.
 Again, I can't understand why I didn't come across this myself; it's a very obvious bug ! Anyway,
 I have corrected this problem in session.php

----
Alexander Heim posted a solution for yet another problem; this time in
 .../admin/products_attributes.php

This is an ugly problem and the sort of thing that is difficult to locate - basically the original
 code is badly written !

I have no doubt that Alexander Heim's solution to this problem works, but I have included a
 different solution in this release.

I'd just like to say thank you to Alexander Heim for his contributions, and offer my apologies for
 getting this wrong in the first place.

-------------------------------------------------
v1.2 - 19/09/2004

----
Added modification to .../catalog/install/includes/application.php

----
Corrected comments at top of function link_session_variable

----
Added patch instructions for installation file .../catalog/install/includes/application.php

----
Added further patches to make Easy Populate work - .../catalog/easypopulate.php

----
Changed the comments regarding which version of the session control functions to use -
there is no need to use the 'paranoid' version for normal use

-------------------------------------------------
V1.2.1 - 26/09/2004

----
Oops ! I made a mistake in the last release (it was late !) - the easypopulate patch
works but prints some warnings sometimes

This is now corrected - see below

----
Added link_get_variable and link_post_variable function into .../includes/functions/general.php
for both catalog and admin. These functions are required to support the corrected easypopulate
patch in the admin case

----
Modified some of the other patches to use the new functions added into general.php
These are as follows :

.../admin/products_attributes.php

----
Added support for CC details in .../catalog/include/classes/order.php
Thanks to bnoji (Ben Noji) for posting this up on the board

----
Added some notes to the README file to explain what to do if you get the 'bug_compat_42' warning
from PHP

-------------------------------------------------
V1.2.2 - 05/01/2005

----
Made some minor changes to the instructions because some people seem to be getting confused
when applying this patch. I have also added a small note about what happens if register globals
is left 'on' after applying this patch

NOTE: This DOES NOT change in any way the actual patch - I have just clarified the instructions

-------------------------------------------------
V1.3 - 13/01/2005

----
Fixed 3 bugs in the catalog session code changes, thus...

File : .../catalog/includes/functions/sessions.php

  Function : tep_session_register()
             Was returning 'success' instead of '$success'

  Function : tep_session_close()
             I have changed the semantics of this function.
             This is usually not a very good thing to do, but the original function was wrong anyway !

             The function was supposed to be returning a status indicating (...what exactly ?)
             However, the function could fail to return any value at all, and in some cases
             it tried to return the value from the call to session_write_close(), but
             session_write_close() doesn't actually  return anything !

             Checking the rest of the code shows that nobody is interested in the return value
             anyway, so I have just removed the only valid return value that there was; the
             one returned from the call to session-close()

  Function : link_session_variable()
             The $nothing variable ought to be initialised (this can cause warnings to
             be issued on some PHP installations)

----
Fixed 2 bugs in the catalog session code changes, thus...

File : .../admin/includes/functions/sessions.php

  Function : tep_session_close()
             Changed semantics as per the catalog version - see above

  Function : link_session_variable()
             The $nothing variable ought to be initialised (this can cause warnings to
             be issued on some PHP installations)

----
Corrected a spelling mistake in the admin_patch instructions. This does not affect the actual
patched code. Made ref. to new file (OTHER_CONTRIBUTIONS) - see below

----
Added a new file - OTHER_CONTRIBUTIONS. This basically conatains a long post that I put up on the support forum some time ago and gives some advice on getting other contributions working with register globals switched off

-------------------------------------------------
V1.4 - 06/03/2006

----
Updated to match the security/bugfix update to MS 2.2, dated 13/11/2005. This only
actually affects one function; tep_session_start() in .../catalog/includes/functions/sessions.php

----
Added patching for the following variable. This is in $_SERVER but it was being ref'd in an
incorrect way (when regiser globals are off) :

    REMOTE_ADDR - This affects the following files :
        /catalog/includes/languages/.../password_forgotten.php

NOTE: The following variables are also 'incorrect' but they are only incorrect in the file
      .../classes/sessions.php and this file (in catalog and admin) is only used if you
      are using PHP3. As this patch will not work if you are using PHP3 then correcting
      this file is irrelevant

    HTTP_REFERER
    REQUEST_URI
    SERVER_NAME

----
Included pre-patched files as well as original patching instructions into the package. This should
make life a little easier for some people

----
Updated README file to reflect changes

-------------------------------------------------
-eof-
