indicom
11-18-2005, 04:10 AM
Hello,
I have a script that has been programmed with the value directive register_global set to true
I have hosted this script on a windows server that is having register_global directive set to false.
Also to the best of my knowledge the server is not supporting .htaccess files.
Do let me know what needs to run this script.
Thanks
Burhan
11-18-2005, 06:29 AM
A few options :
1. Recode the script to not rely on register_globals (having this on can pose a security risk to your script)
2. Enable register_globals for your server. You can do this globally if this script is the only thing running on your server by editing the php.ini file.
indicom
11-18-2005, 07:47 AM
The script is a ready made one and to big to recode it with register_globals set to false.
The script is hosted on a server where I am having a shared hosting. So I think I would not able able to modify php.ini as suggested in point 2.
Are there any more options .. ?
Thanks
forumtalk
11-18-2005, 08:07 AM
Add this line to your .htaccess file " php_value register_globals 1"
forumtalk
11-18-2005, 08:08 AM
Hello,
I have a script that has been programmed with the value directive register_global set to true
I have hosted this script on a windows server that is having register_global directive set to false.
Also to the best of my knowledge the server is not supporting .htaccess files.
Do let me know what needs to run this script.
Thanks
Oops I didn't see this :( Also to the best of my knowledge the server is not supporting .htaccess files
malenski
11-18-2005, 09:25 AM
My vote is to recode it.
If thats not an option add some code (include, require) to the beginning of the script that makes local variables from submitted POST and GETs.
foreach ($_REQUEST as $key => $value)
${$key} = $value;
I haven't tested or used this but u get the idea.
TDMWeb
11-18-2005, 07:02 PM
Using register_globals is a security no-no, you need to recode the script.
.htaccess files are not supported on Windows IIS.
tamasrepus
11-18-2005, 10:01 PM
A minimum amount of recoding can come from using PHP's import_request_variables (http://us3.php.net/manual/en/function.import-request-variables.php).
Generally it is just as insecure as register_globals, but much more tame, and can be set at run-time on a per-script basis. You should be able to get away with a one-line modificiation to the script.
indicom
11-21-2005, 07:26 AM
Thanks for all those replies.
I will have those suggestions coded into my script to look for a possible solution.
Thanks Again.
Burhan
11-21-2005, 07:38 AM
foreach ($_REQUEST as $key => $value)
${$key} = $value;
Or ..... extract() (http://php.net/extract) -- but its also not a solution. Best it to recode without relying on register_globals.
