turn off register_globals on a shared server

Re: turn off register_global s on a shared server

In article <1122423895.001 684.209750@z14g 2000cwz.googleg roups.com>,
aeldaly@gmail.c om wrote:
[color=blue]
> Hello all,
>
> My shared server provider has register_global s on. I checked by running
> php_info(); from within a file. I would like to turn this off, but
> asking them to turn it off just for me will not work.
>
> I tried adding the following lines to the .htaccess file:
> <IfModule mod_php4.c>
> php_flag register_global s off
> </IfModule>
> but that did not work. I thought that maybe the file is called
> something else, and I could not find any file containing mod_php
> anywhere on the server. Also, I can see that the addmodule line for
> mod_php4.c is commented out in the httpd.conf file for the shared
> server.
>
> I do not know how the server can serve php if that line is commented
> out?
>
> Bottom line is: is the .htaccess approach the correct one? and does
> anyone know how I can find out if I am using the correct filename?
>
> phpinfo() says that I have PHP Version 4.3.11
>
> I will leave phpinfo() running on the main page so that if someone
> needs more information, they can find it at linux-place.com
>
> Thanks,
> Ahmed El-Daly
> linux-place.com[/color]

put the following in the .htaccess file in the root of your main page:

php_flag register_global s off
php_flag safe_mode on
Options -Indexes

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: turn off register_global s on a shared server

Use the ini_set() function to change the values of the variables.

Thanks
Shabbir Bhimani

Re: turn off register_global s on a shared server

shabbirbhimani@ gmail.com wrote:[color=blue]
> Use the ini_set() function to change the values of the variables.
>
> Thanks
> Shabbir Bhimani
>[/color]

alternatively you can upload your own php.ini to the root of your shared
web space.
PHP always checks for php.ini in the root of the document before it
checks elsewhere.

:)

Re: turn off register_global s on a shared server

aeldaly@gmail.c om wrote:[color=blue]
> Hello all,
>
> My shared server provider has register_global s on. I checked by running
> php_info(); from within a file. I would like to turn this off, but
> asking them to turn it off just for me will not work.[/color]
<snip>

<news:111160396 2.594721.154710 @l41g2000cwc.go oglegroups.com> (

)

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com

Re: turn off register_global s on a shared server

Yes, this did the trick! Thanks!!

setting php_flag register_global s off in the .htaccess file caused a
500 error for some reason!

Thanks to all that replied.

Re: turn off register_global s on a shared server

aeldaly@gmail.c om wrote:
[color=blue]
> Yes, this did the trick! Thanks!!
>
> setting php_flag register_global s off in the .htaccess file caused a
> 500 error for some reason!
>
> Thanks to all that replied.[/color]

Possibly because PHP isn't being run as a module, but rather in CGI
mode... At least that might explain why mod_php4.c is commented out.
Another option is that it may not be an Apache server...

--
Justin Koivisto, ZCE - justin@koivi.co m

Re: turn off register_global s on a shared server

For the record, PHP's ini_set() function cannot be used to change the value
of register_global s at run-time.



ECRIA



<shabbirbhimani @gmail.com> wrote in message
news:1122434034 .930915.255370@ g49g2000cwa.goo glegroups.com.. .[color=blue]
> Use the ini_set() function to change the values of the variables.
>
> Thanks
> Shabbir Bhimani
>[/color]

Re: turn off register_global s on a shared server

It is an apache server for sure. In any case, putting php.ini in the
root folder is the best solution as I can tweak it as I please :D

Re: turn off register_global s on a shared server

This is what I did and it works flawlessly. Problem is is now it is
accessible to the www. Is there a way to put it somewhere else not
accessible by apache, but where php can read it?

Re: turn off register_global s on a shared server

On 29 Jul 2005 15:09:43 -0700, aeldaly@gmail.c om wrote:[color=blue]
> This is what I did and it works flawlessly. Problem is is now it is
> accessible to the www. Is there a way to put it somewhere else not
> accessible by apache, but where php can read it?[/color]

Just _what_ are you nattering on about?
Oh, I see the problem:
X-Trace: posting.google. com

Re: turn off register_global s on a shared server

> Just _what_ are you nattering on about?[color=blue]
> Oh, I see the problem:
> X-Trace: posting.google. com
>
> http://groups.google.com/googlegroup...html#summarize
> http://oakroadsystems.com/genl/unice.htm#quote[/color]

Thank you very much in directing me to those resources, nicely :D I
understand that other people would have taken this opportunity to say
some very unkind words ;)

I have taken note of this and this here is the result :)

Cheers,
Ahmed El-Daly

Re: turn off register_global s on a shared server

Rob wrote:[color=blue]
> shabbirbhimani@ gmail.com wrote:[color=green]
> > Use the ini_set() function to change the values of the variables.
> >
> > Thanks
> > Shabbir Bhimani
> >[/color]
>
> alternatively you can upload your own php.ini to the root of your shared
> web space.
> PHP always checks for php.ini in the root of the document before it
> checks elsewhere.
>
> :)[/color]

Yes, thanks. As I said earlier, this works. Problem is is now it is
accessible to anyone who care to check for it:
http://servername/php.ini. I would say that this is probably a security
risk? (not sure). Is there a way to put it somewhere else not
accessible by apache, but where php can read it? I tried changing the
permissions on the file, but that has not helped.

Thanks,
Ahmed El-Daly