Register Globals Off for Mambo?

cpwr49 · 2005-04-04 23:49:38 UTC

I am trying to install mambo and I want to turn Register Globals off. I added the last three lines as suggested on the Mambo board but I get a 500 internal server error. When I take them off I am back where I started. How can I turn Register globals off? Here is the file which includes the last three troublesome lines. Thanks. Christopher:

@version $Id: htaccess.txt,v 1.5 2005/01/22 23:00:27 spacemonkey Exp $

@package Mambo

@copyright © 2000 - 2005 Miro International Pty Ltd

@license http://www.gnu.org/copyleft/gpl.html GNU/GPL

Mambo is Free Software

mod_rewrite in use

RewriteEngine On

Uncomment following line if your webserver’s URL

is not directly related to physical file paths.

Update YourMamboDirectory (just / for root)

RewriteBase /consult

Rules

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php
Php_flag register_globals off
Order allow, deny
Allow from all

turi319 · 2006-03-19 00:37:18 UTC

hi, did you ever learn how to turn them off?
i have run into the same problem. thanks!

Ryo-ohki · 2006-03-19 13:56:28 UTC

You can’t unless you compile php on your account so you can edit the php.ini file. The instructions to install php4 are pretty straight-forward. You are going to have a helluva time if you want to install php5…

The Insane Cabbit
Blog: http://www.sounanda.com
Store: http://www.marciesgifts.com
PM for CMS or forum install.
[color=#CC0000]$97 Off[/color] with promo code pixiedust

norm1037 · 2006-03-19 16:54:27 UTC

I just wondered, if php runs as a CGI, can not a php.ini file that is a copy of the main server php.ini, with any adjustments like register-globals changed, be placed in the folder that the php script runs from. So that an extra installation of PHP is not required?

I always thought that the php interpreter would look in several places when called as a cgi/cli. Or if PHP were installed as an Apache module and loading only once that the .htaccess file could be used.

–
Norm

guice · 2006-03-19 18:33:15 UTC

Use PHP5. The INI for that has them off by default.

Or you can install your own version of PHP
OR you can use PHP4, Apache mod, which will give you access to use “php_flag register_globals off” in your .htaccess file.

Those are the only options you have to turning them off. Pick one.
I’d recommend using PHP5.

Issue is that the location of the INI file is hard coded into the binary of PHP. The only way to override that (as CGI) is to recompile PHP. You CAN change it for CLI, but not as CGI.