Setting of "register_globals":
register_globals is a PHP setting that controls availability of variables that have been submitted by a user to a PHP script (such as data posted from a form, URL-encoded data, or data from cookies). In earlier releases of PHP, register_globals was set to "on", which made for easier, but less secure coding.
The default setting of register_globals on our web servers has been "off" since the last set of upgrades. While coding in this environment is slightly more cumbersome, there are substantial security benefits. You may read more about this change in the PHP 4.1.0 Release Announcement.
If you have received notice that your web server is being upgraded and you currently maintain a site that contains PHP, you need to choose from the following options:
- To continue using global variables, you will need to follow the instructions for setting up a .htaccess file.
- To TEST your site in advance you can set up a .htaccess file to turn off register globals early.
- If you want to rewrite your code so that it does not rely on global variables (this is strongly encouraged for security reasons), please see the examples section.
If you do not implement one of the above options, your site will likely not work after the upgrade.
If you want to continue using global variables, you will need to create a .htaccess file in your site's main directory (or the main directory of your site that contains PHP scripts). Your .htaccess file should contain the following line:
php_flag register_globals on
We recommend that you create the .htaccess file by logging into your site DIrectAdmin and using the File Manager to create the .htaccess file if it does not exist.
Setting up a .htaccess file for testing
If you want to test your site with the register_globals setting off, you will need to create a .htaccess file in your site's main directory (or the main directory of your site that contains PHP scripts). Your .htaccess file should contain the following line:
php_flag register_globals off
We recommend that you create the .htaccess file by logging into your site with SecureCRT, Nifty Telnet, or another telnet application and using a Unix editor (such as pico, jove, vi, or emacs). Windows and Macintosh editors often insert special characters that may corrupt the .htaccess file and make your site unreachable.
Examples of PHP with register_globals set to "off"
The following examples demonstrate how to work with user-submitted data in an environment where register_globals is set to "off". The developers of PHP strongly encourage coding in this way. For more complete documentation, please see the PHP 4.1.0 Release Announcement.
