#25 php global

v1.0 (example)
closed
5
2004-11-07
2004-10-07
Dr Ray Lewis
No

The installation requires
register_globals = off

but I have problems with other applications which
REQUIRE register_globals = on. Once loaded I find xrms
works with it set to on, but I need to install it on a
server where I do not have permission to switch to off,
even temporarily.

What should I change in the installation to avoid being
forced to switch it register_globals = off? Can you
assure me that xrms will never actively check in use this
setting (so I can leave it on). The application is being
run in a secure environment so possible security
problems in forms is not an issue for me right now - more
important to get it working.

Regards
Ray

Discussion

  • DebbieB
    DebbieB
    2004-10-24

    Logged In: YES
    user_id=1145451

    I have the same problem. The install was perfect, but I
    receive the message:
    Register_globals is currently on for your server. It must be
    turned off for XRMS.(It is obsolete, and a security hole that
    causes problems for XRMS.) Modify your php.ini file to turn off
    register_globals.

    I also cannot change the php.ini files.

     
  • DebbieB
    DebbieB
    2004-10-24

    Logged In: YES
    user_id=1145451

    Dear Ray, I don't know if you tried this already, but I
    commented out the fatal error lines related to the global
    functions in the: xrms/xrms/install/install.php file and so far
    everything is just beautiful. This is a fantatic tool!

     
  • Brian Peterson
    Brian Peterson
    2004-11-07

    Logged In: YES
    user_id=204919

    register_globals=on sn't really a safe setting, especialy
    for a production server.

    The XRMS development team has made every attempt to make our
    code safe with register_globals=on, but you should really
    fix your other code. The PHP core has recommended
    register_globbals=off for over two years now, so continuing
    to use code in a production environment that is liklely to
    be a security risk seems not all that smart.

    Debbie's workaround will work, but we won't support you if
    you have problems.

    - Brian

     
  • Brian Peterson
    Brian Peterson
    2004-11-07

    • assigned_to: nobody --> braverock
    • status: open --> closed