register globals off ?

Register globals off ?, a forum discussion on Jojo CMS. Join us for more discussions on Register globals off ? on our General Discussion forum.

Back to Forum Index : Back to General Discussion   RSS
rockstar rockstar

20 Sep 2007
Posts: 27

what adverse affects/limitations can I expect to see if I go to a host with register globals off.. It seems most have it on.

My current host allows multiple domains so it would be preffereable to have it on and disable it in htaccess if it will make problems with other things besides jojo.

How effective is the htaccess route.

I have to move to another server[same host] to try to alleviate ftp problems is why I ask

regards

edit I just looked aroun alittle and found this in 1 minute.from another forum.

http://forum.siteground.com/archive/index.php/t-2156.html

Hi Gary,

The entire PHP development community recommends the register_globals to be off. They have created very good article that explains this decision.

It can be found here:

http://php.net/register_globals

We, of course have been advised to switch off the register_globals directive, however, there are a lot of scripts, which are securely written, but require the register_globals to be on.

This is why we have allowed the global PHP setting to be overwritten. This can be done by creating a file named php.ini , with content of:

register_globals = ON

or respectively

register_globals = OFF

The file must be placed in the folder along the files that it might affect. For example, if you have the following hierarchy:

- directory1
- directory2
- phpfile1.php
- phpfile2.php

and you place a php.ini in the folder, it will affect only phpfile1.php and phpfile2.php. To affect the files under directory1 and directory2, you should copy the file into each of them, using your favorite FTP client.

Hope this explanation will solve your issue. Let us know if it did not and if you have any additional inquiries :)

Rockstar
Harvey

Core Developer

Harvey

20 Sep 2007
Posts: 327

Officially, we say that Jojo will only work with register globals OFF. Basically, we agree with the rest of the web development community on this one.

Jojo was originally an in-house CMS, and we have done everything with register globals off for the last couple of years. It would be fair to say that Jojo hasn't had much testing done with register globals being on.

But, in theory it should work due to the way we have written the code. I don't think we use GET / POST / COOKIE variables of the same name anywhere in the core code, so there shouldn't be much chance of losing your data.

To turn off register globals, you should use whatever method your host recommends. We have used hosts where you can choose ON / OFF via the control panel, others let you tweak the .htaccess file.

Most solutions involve placing the following code into your .htaccess...
php_flag register_globals off


I would try that first, and contact the host if it gives you trouble. If your host doesn't know how to turn off register globals or says it's not important, run!
Back to Forum Index : Back to General Discussion   RSS
You must be logged in to post a reply



You need to Register or Log In before posting on these forums.