Difference between revisions of "Register globals"

Page Actively Being Edited!

This article is actively undergoing a major edit for a short while.
As a courtesy, please do not edit this page while this message is displayed. The user who added this notice will be listed in the page history. This message is intended to help reduce edit conflicts; please remove it between editing sessions to allow others to edit the page. If this page has not been edited for several hours, please remove this template, or replace it with {{underconstruction}} or {{incomplete}}.

What is it?[edit]

Register_globals is a PHP environmental setting that has been the subject of contravercy for a while now. The significance to this is that older versions of PHP often have this variable set to on, and that setting is known to allow to allow un-safe coding to leave a site vulnerable. You can find more details at [1]. (Joomla 1.x releases also have a related emulator for this setting Register_Globals, which was implemented for backward compatibility with older components and extensions. It is generally preferred not to enable this capability. If you have a component that requires this setting, you should look for an update, or an alternative component.)

Can I change it?[edit]

Yes, maybe. Depending on how much control you have of your server, there are several approaches to addressing this setting.

If you have complete control of your server, then you probably want to make sure that your main php configuration file (which is typically found in /usr/local/lib/php.in) has the directive register_globals set to 0(zero).

If you're in a shared web environment, most likely your hosting provider will not let you modify this file. You have a couple of options in this case.

Where do I change it?[edit]

If you have access to your home directory, you need to include your own copy of a php.ini file.