Disabling register_globals

software development

#1

I am looking for a way to disable register_globals in php4 on DH. The wiki suggests using .htaccess and switching to mod_php, but since mod_php is no longer an option, that is not possible.

Any ideas?

Use promo code My50 to save $50 on any year of these nice plans


#2

I can’t remember exactly (I use PHP5, so it is not an issue for me), but I think you can do it by putting this in your .htaccess file:php_flag register_globals off--------
Simon Jessey | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]


#3

If your using PHP4 as CGI, no you cannot turn off register_globals. The best way to turn it off is to update to PHP5 or install your own version of PHP.

I’d highly recommend updating to PHP5.


#4

I too would like to disable register_globals. We don’t have access to the php.ini file, eh?

The site in question is PHP 4.4.2, with Extra Web Security.

I’ve read a few things in here and in the DH wiki about running PHP as a CGI to disable register_globals. How do I do this? From the web panel > domain name, the only options I am presented with are Extra Web Security and Fast CGI. Should I turn off Extra Web Security and turn on Fast CGI?

I have an .htaccess file in the root dir with

php_flag register_globals off

but it ain’t doing squat.

The site runs a v.1 of Gallery and an older (free) MovableType, and 1.5.x of WordPress. Could I safely switch to PHP5 with these apps?

How to disable register_globals? (kind of shocking that DH defaults it to ON, if you ask me.)

TIA!
JF :wink:


#5

Read the post I made just above. :slight_smile:

You cannot turn off register_globals if you’re running PHP4 as CGI. You can either do one of two things: 1) Use DH’s PHP5. 2) Install your own version of PHP4 and turn off register_globals that way (it’s default off in newer installs of PHP4).

I’d suggest running PHP5. It’s best to upgrade languages when ever you can.

Gallery, no clue.
MovableType is Perl. Not unless it’s changed recently. If that’s the case, the answer would be yes as it would mean they’ve created a PHP version well after PHP5’s release.
WordPress Should be gtg. I have WordPress on my site, don’t know what version, and it runs just find with PHP5.

Backwards compatibility. There’s a LOT of sites on DH servers that still require that stupid thing to be on. It took a while of fighting with DH just to get PHP5 CGI installed! It wasn’t until I suggested just to make it a CGI option did they finally gave in.

yerba# rm -rf /etc
yerba#


#6

[quote]Backwards compatibility.

[/quote]

Indeed. It’s a long process, but we are really trying to wean people off of mod_php over the long run, as PHO-CGI is much more suitable for shared hosting environments.

[quote]It took a while of fighting with DH just to get PHP5 CGI installed!

[/quote]

When PHP5 came out it was pretty much already a foregone conclusion that we would support it, and that the support would be the CGI version only. We have tons of customers who use PHP, and the demand for its support was immense.

Of course, that doesn’t account for the timeline in which we would support it. Lots of factors involved in that.

Either way, PHP5 is a big win for us as it’s an excellent “carrot” with which to convince people to leave mod_php behind. :>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin