Jump to content

Need to turn off Register Globals on shared site


JRS

Recommended Posts

Hello,

I have been developing an app. locally with Register_Globals set to OFF. However, just found out my HOST, has Register_Globals turned ON. This has caused some weird errors in my code (data corruption in session variables).

How do I turn off register_globals if I don't have access to php.ini? Can I request the ISP to turn it off? Are they supposed to turn it off by default?

Thanks in advance
JRS
Link to comment
Share on other sites

I ran into the same thing while developing a website for a client then parked it at Yahoo! webhosting. They also had Register Globals set to ON....Made me cringe, but I was able to still initialize sessions and keep pretty secure code...

Unfortunately, no way to turn Register Globals to OFF w/o access to php.ini file. When I contacted Yahoo! they stated they had NO plans of adjusting so I had to dig deep and use define() more...
Link to comment
Share on other sites

[!--quoteo(post=368728:date=Apr 26 2006, 12:04 AM:name=PWD)--][div class=\'quotetop\']QUOTE(PWD @ Apr 26 2006, 12:04 AM) [snapback]368728[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I ran into the same thing while developing a website for a client then parked it at Yahoo! webhosting. They also had Register Globals set to ON....Made me cringe, but I was able to still initialize sessions and keep pretty secure code...

Unfortunately, no way to turn Register Globals to OFF w/o access to php.ini file. When I contacted Yahoo! they stated they had NO plans of adjusting so I had to dig deep and use define() more...
[/quote]
PWD,
Thanks for the feedback. Can I ask how you used define() to solve any potential issues? I read the php manual with regards to Register_globals and not really clear on what is causing the problems and how it can be fixed.
Thanks
JRS
Link to comment
Share on other sites

In some cases webhosts may allow the use of .htaccess files. With .htaccess you can change a few settings to the server such as turning off register_globals. If you create a .htaccess file in root of where you store your website files with the following:
[code]php_flag register_globals off[/code]

This may turn off register_globals through out your site.
Link to comment
Share on other sites

[!--quoteo(post=368778:date=Apr 26 2006, 05:52 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 26 2006, 05:52 AM) [snapback]368778[/snapback][/div][div class=\'quotemain\'][!--quotec--]
In some cases webhosts may allow the use of .htaccess files. With .htaccess you can change a few settings to the server such as turning off register_globals. If you create a .htaccess file in root of where you store your website files with the following:
[code]php_flag register_globals off[/code]

This may turn off register_globals through out your site.
[/quote]
Wildteen88,
I checked with the webhost - they said quite a few of their clients require register_globals on - so they have enabled it on all their shared servers. Only solution is to use Virtual Private Server.

Would anyone have any guidelines as to what I should check in my application to make sure it works with register_globals ON?

I guess I will change my local setting to register_global ON to test the application.
Thanks
JRS
Link to comment
Share on other sites

What register_globals does is extract the variables inside the supergloabls arrays, Superglobal arrays the following variables:
$_POST, $_GET, $_SESSION, $_COOKIE etc.

Now if you have something like this:
[code]<?php

if(isset($_POST['submit']))
{
    echo $_POST['formValue'];
}

?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
   <input type="text" name="formValue" /><br />
   <input type="submit" name="submit" value="Submit">
</form>[/code]Now that wont work on your ISPs server but this will:
[code]<?php

if(isset($submit))
{
     echo $formValue;
}

?>
<form action="<?php echo $PHP_SELF; ?>" method="post">
   <input type="text" name="formValue" /><br />
   <input type="submit" name="submit" value="Submit">
</form>[/code]
Notice the difference?
Link to comment
Share on other sites

[!--quoteo(post=368881:date=Apr 26 2006, 12:00 PM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 26 2006, 12:00 PM) [snapback]368881[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What register_globals does is extract the variables inside the supergloabls arrays, Superglobal arrays the following variables:
$_POST, $_GET, $_SESSION, $_COOKIE etc.

[/quote]

Wildteen88,
Thanks for the example, I understand it now. This would involve me having to change quite a bit of code. What I don't understand it - most of my application still works on the hostsite. All my code involves using $_POST['index'] type access.

Also I found this code snippet from another user on the PHP.NET site for turning register globals off (simulate) - would this work? do you see any issues with this code?
(thanks rn12 in UK somewhere! for the followin code)
To fix it, you must do
[code][
       $unset = array_keys($_SESSION);
       foreach($unset as $rg_var){
               if(isset($$rg_var)){
                       unset($$rg_var);
               }
       }
AFTER you have called session_start().
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.