Home General support

register_globals problem

jenwaak Member
in General support
After having read the forum threads on this topic I'm not really crazy about even starting this thread, but I'm stuck.

Register_globals is on at my host by default, so I created a php.ini and put it in the cgi-bin directory as instructed by my web host. I also created a phpinfo file, http://jwaak.com/phpinfo.php, to verify that register_globals was indeed set to off. According to that file, the local version is.

I then took the advice from another thread and did an echo in the setup, and it returned: $register_globals string(3) "off"

This would also tell me that register_globals is off.

Yet, I still have a setup error stating:
Error!

PHP Register globals presents a security risk to any PHP application. See Using Register Globals. Zenphoto refuses to operate under these conditions. Change your PHP.ini settings to register_globals = off.

What next?

Thanks!

Comments

  • acrylian Administrator, Developer
    Please see this older lengthly discussion:
    http://www.zenphoto.org/support/topic.php?id=9435#post-55544
  • jenwaak Member
    I had read that post, several times, and tried the troubleshooting advice provided by sbilliard prior to posting this question.

    So, my question is:
    1) If the results of my phpinfo.php script tells me that the local version of register_globals is off, and
    2) when I add this code to setup;php add a line to setup.php circa line 427 that reads:
    echo '$register_globals ';var_dump($register_globals);
    I also get the output of: $register_globals string(3) "off"

    What is the next step?

    You can run the phpinfo script yourself to verify, as I've provided the link above.
  • acrylian Administrator, Developer
    Did you try what my collegue mentiones over there?:

    The setting of register_globals was made to the string "off" [note the quotation marks. This is not at all the same as setting it to the constant off. Instead it is equivalent to setting the variable to on or true,

    So set it to off [no quotes] and it will indeed be not set.
  • jenwaak Member
    Yes, my register globals line in my php.ini file reads: register_globals = off

    If the phpinfo script tells me that register_globals is off (which it does), shouldn't they indeed be off?

    -Jen
  • sbillard Member
    See the post above.
  • jenwaak Member
    I understood acryllian's instructions to read to not use quotes when setting it. Which is exactly what I replied. I now fear I misunderstood that block quote, so I have modified my php.ini to try it both ways.

    register_globals = off
    AND NOW
    register_globals = "off"

    (note both with and without the quotes)

    My phpinfo script as well as your setup script gives me the same information, either way. phpinfo tells me the local version of my variable is set to off, yet your setup script is telling me it is on. Is your setup script perhaps reading the Master Value (which I cannot change as I'm on shared hosting)?

    Copied directly from phpinfo:
    Directive Local Value Master Value
    register_globals Off On
  • sbillard Member
    register_globals Off On
    It can't be both! I presume since On was the last item that is what it is set to.
Sign In or Register to comment.