parse_str($_SERVER['QUERY_STRING']);
if ($m == ""){
$dateComponents = getdate();
$month = $dateComponents['mon'];
$year = $dateComponents['year'];
} else {
$month = $m;
$year = $y;
}
echo build_previousMonth($month, $year, $monthString);
// ... etc
Original implementation of parse_str() - and the particular way it was often used - was, to say the least, quite naive. The problem is that, when called without second argument, this function essentially allowed polluting the local symbol table. Here's an extract of CVE Vulnerability Description:
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
That's why omitting second argument was deprecated in PHP 7.2 and dropped completely in PHP 8.0. Thus you need to reimplement this call so that the result is stored in a variable, and instead of checking $m, $y, ... directly, you check elements of associative array stored in that variable instead.
For example:
parse_str($_SERVER['QUERY_STRING'], $query);
if (empty($query['m'])) {
// no data passed
}
else {
$month = $query['m'];
// etc
}
As a sidenote, I'm really not sure why do you even have to parse query string, and not just use $_GET directly.