register_globals on

[GeorgeA]

Hi. I have a shared basic account , and noticed I had register_globals on , and as that might be a security problem (xss attacks) I wonder if I could have that turned off.
I tried to disable it trough .htaccess:

Code:

php_flag register_globals Off

and trough a php.ini file

Code:

register_globals off

but neither method worked.
I am running php5 trough the instructions in the knowledge base.

[Ray]

Hello,

Unfortunately, with PHP 5, we are unable to provide site/folder specific PHP directives. We are looking into disabling register_globals for PHP 5 at this time.

[Kevin]

Hello,

Unfortunately, with PHP 5, we are unable to provide site/folder specific PHP directives. We are looking into disabling register_globals for PHP 5 at this time.

This issue should now be fixed. I have installed a PHP 5 module called htscanner which will parse the .htaccess files for PHP configuration directives and pass them on to PHP automatically. If it doesn't work for some particular usage case, be sure to let us know.

[dan]

This issue should now be fixed. I have installed a PHP 5 module called htscanner which will parse the .htaccess files for PHP configuration directives and pass them on to PHP automatically. If it doesn't work for some particular usage case, be sure to let us know.

Thanks, I requested this a while back since I was using a popular wiki script (mediawiki) that needed php 5 to work but became very insecure with register_globals turned on.

[GeorgeA]

Great news Kevin!Waiting forward to actually test this.

[kb0kqa]

This will probably be handy to know - the new Drupal 5.6 requires this to be off.

I tried php_flag register_globals Off in the .htaccess using php4 and it worked as well.