[quote]Since a lot of those scripts weren’t written on DH servers
I can’t see what that’s got to do with it.
[quote]and a lot of them were written a long time ago, a lot of them expect register_globals to be on.
Then they were written pre PHP4, and perhaps DH should have left them running on pre PHP4, rather than tinker with the PHP4 config. Things move on - PHP4 changed the register_globals for good reason - and DH can’t hold back that tide.
[quote]As far as I’m aware, most large web hosting companies have register_globals on
I thought otherwise, for PHP4 - i.e. most stick with the default.
[quote]Since PHP5 breaks tons of old PHP4 scripts, yeah, we’re guessing it won’t be a
big deal to turn off register_globals.
Thanks, but what’s with this “turn off”? I’m not suggesting DH “turn off” - just leave the default “off” unchanged. Esp since surely DH won’t be replacing the earlier version of PHP, even though IIUC it did last time around.
[quote]Can you tell what a huge, huge fan of PHP I am?
[quote]And again, there is nothing inherently wrong with register_globals. It only makes it
easier to do stupid things.
What’s /inherently/ wrong with it is that, MUCH more than making it easier to do stupid things, it makes it easier to do dangerous things /by/ /accident/ e.g. though simply omission. In this it differs greatly from allow_url_fopen, note.