Full Version: register_globals = On/Off setting
Could we set register_globals = On/Off per site via a .htaccess file !?!
Yes.
php_value register_globals X
Replace "X" with "0" for off or "1" for on.
php_value register_globals X
Replace "X" with "0" for off or "1" for on.
Thanks.
You should globally set (FORCE) register_globals to OFF
It is a HUGE SECURITY RISK and it only lets programmers be lazy. NO well written script will require it to be on, and you should NEVER run a script that requires it to be on.
It is very easy to access the information in question through the superglobal arrays like $_GET, $_POST, $_COOKIE, and so on.
Only turn this on if you WANT your box to be hacked.
It is a HUGE SECURITY RISK and it only lets programmers be lazy. NO well written script will require it to be on, and you should NEVER run a script that requires it to be on.
It is very easy to access the information in question through the superglobal arrays like $_GET, $_POST, $_COOKIE, and so on.
Only turn this on if you WANT your box to be hacked.
QUOTE (Blue|Fusion)
Yes.
php_value register_globals X
Replace "X" with "0" for off or "1" for on.
php_value register_globals X
Replace "X" with "0" for off or "1" for on.
Well, did include this:
CODE
php_flag register_globals 1
in the root .htaccess file and got a internal error 500 !...
CODE
php_flag register_globals on
it's a boolean setting
QUOTE (DeadEye686)
CODE
php_flag register_globals on
it's a boolean setting
same result !
CODE
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Are you running phpSuexec? if so that will cause that error.
You need to do something with individual php.ini's but im not sure
You need to do something with individual php.ini's but im not sure
Which control panel? With Plesk, this can be done per each domain's vhost.conf. Also, theres a setting to allow or disallow overrides in php.ini that may be interferring with adding a php directive in .htaccess.
QUOTE (challii)
Are you running phpSuexec? if so that will cause that error.
You need to do something with individual php.ini's but im not sure
You need to do something with individual php.ini's but im not sure
Oh, yes I have phpsuexec on it !...
Yes, challii is correct. With phpsuexec, one cannot include PHP directives in .htaccess. However, you can put a php.ini file in the document root of the web site. I suggest you copy your main php.ini file there and then modify the paramenters for this web site as needed.
QUOTE (Guspaz)
You should globally set (FORCE) register_globals to OFF
It is a HUGE SECURITY RISK and it only lets programmers be lazy. NO well written script will require it to be on, and you should NEVER run a script that requires it to be on.
It is very easy to access the information in question through the superglobal arrays like $_GET, $_POST, $_COOKIE, and so on.
Only turn this on if you WANT your box to be hacked.
It is a HUGE SECURITY RISK and it only lets programmers be lazy. NO well written script will require it to be on, and you should NEVER run a script that requires it to be on.
It is very easy to access the information in question through the superglobal arrays like $_GET, $_POST, $_COOKIE, and so on.
Only turn this on if you WANT your box to be hacked.
Thats nice, so the server can be hacked.
I have some softwares that require this to be one. Just to mention some of them
Modernbill
Whoiscart
AWBS
etc.
I did not no you could set this to one, only on one individual domain. Whats the security diference settings this per domain or per server? On plesk how can i do it?
We have registered_globals off and modernbill works like a charm.
I agree with guspaz when he says that having it on allows programmers to be lazy.
I agree with guspaz when he says that having it on allows programmers to be lazy.
Ok. I have set this globally on the php.ini to OFF
And on the domain that requires to be on on the vhosts.conf i have put
php_value register_globals on
I suppose it works now but only for that single domain right?
And on the domain that requires to be on on the vhosts.conf i have put
php_value register_globals on
I suppose it works now but only for that single domain right?
Hi I have the same problem... as do it?
I not have access in console server.
QUOTE
However, you can put a php.ini file in the document root of the web site. I suggest you copy your main php.ini file there and then modify the paramenters for this web site as needed.
I not have access in console server.
You will need root access or ask your host to modify the files if you do not have root access yourself to make the changes. modify, add or rmeove directives as needed.
The actual contents of the vhost.conf and vhost_ssl.conf file should actually be as follows.
<Directory /full/path_from_root/vhosts/your_domain.tld/httpdocs>
php_admin_value open_basedir "/full/path_from_root/vhosts/your_domain.tld/httpdocs:/tmp"
</Directory>
<IfModule mod_php4.c>
php_flag log_errors on
php_value error_log "/full/path_from_root/vhosts/your_domain.tld/statistics/logs/error_log"
</IfModule>
<Directory /full/path_from_root/vhosts/your_domain.tld/httpdocs>
php_admin_flag engine on
php_admin_value register_globals 1
php_admin_value safe_mode off
</Directory>
The actual contents of the vhost.conf and vhost_ssl.conf file should actually be as follows.
<Directory /full/path_from_root/vhosts/your_domain.tld/httpdocs>
php_admin_value open_basedir "/full/path_from_root/vhosts/your_domain.tld/httpdocs:/tmp"
</Directory>
<IfModule mod_php4.c>
php_flag log_errors on
php_value error_log "/full/path_from_root/vhosts/your_domain.tld/statistics/logs/error_log"
</IfModule>
<Directory /full/path_from_root/vhosts/your_domain.tld/httpdocs>
php_admin_flag engine on
php_admin_value register_globals 1
php_admin_value safe_mode off
</Directory>
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.