I know I’ve been using PHP for longer than just about anyone, but I’ve not had a blog in years. I’m going to need to up my game if I want a place to write about PHP and blogging.
In the new php.ini file, you have two options to enable/disable PHP glob.
The first is to enable it in the php.ini file, the second is to edit your PHP files and add this line wherever you want to enable PHP glob.
The problem with PHP glob is that it is a global variable. You can only set one globbing variable at a time, so if there is a variable in php.ini, but all other php files are not enabled, PHP glob is enabled for all php files. This means if you have a php.ini file that is in another folder, then php glob is enabled in all of those other files too.
I know it looks like a feature at first, but it is a security concern. What is the chance that someone could set a php glob variable in a folder and have it override a php.ini variable? It’s a real problem if you have a website that links to a web page in another folder. If you have a php.ini file in the root, it is easy to set a php glob variable.
the reason for this is that if you find a php glob variable and want it set in a different folder, then you need to have the php glob variable in the subfolders of your site.
It’s quite common that people will set up a php glob variable just to have the file and not have to remember it.
For this website we need a php glob variable so that we do not have to manually set it in every single folder. Luckily our php glob variable is stored in a php.ini file in the root folder. If you are not in a root folder, you can simply copy and paste the php glob variable into the php.ini file.
So if you use glob, it must be in the root folder.
Now while this is one of the simplest PHP scripts, it should go without saying that it is not safe to use this code in a production environment. It will cause your PHP scripts to run in a loop, which will ultimately slow down your site as it will be taxing your server.