Which files will be influenced by "register_globals 0" in .htaccess

  #1 (permalink)  
Old 01-15-2008
Kurda Yon
 

Hi,

in the home directory I put .htaccess with "register_globals 0".
Obviously, all php-files from this directory will not take variables
from the address line. But, as far as I understand, the .htaccess
file influences all files in the subdirectories so that they also
cannot take the variables from the address line. Should it be like
that?
  #2 (permalink)  
Old 01-15-2008
Rik Wasmus
 

On Tue, 15 Jan 2008 02:13:49 +0100, Kurda Yon <kurdayon@yahoo.com> wrote:
> in the home directory I put .htaccess with "register_globals 0".


php_value register_globals 0

At least, that's what Apache likes here.

> Obviously, all php-files from this directory will not take variables
> from the address line. But, as far as I understand, the .htaccess
> file influences all files in the subdirectories so that they also
> cannot take the variables from the address line. Should it be like
> that?


That's how it's supposed to work, yes, if the starting script is there.
Keep in mind that if the request originates from somewhere else with
register_globals on, possible includes from this dir will also have it
enabled.
--
Rik Wasmus
  #3 (permalink)  
Old 01-15-2008
Kurda Yon
 

> That's how it's supposed to work, yes, if the starting script is there.
I am not so familiar with the terminology. What do you understand
under the "starting script"?


> Keep in mind that if the request originates from somewhere else with
> register_globals on, possible includes from this dir will also have it
> enabled.

Do you mean "user request of a php page" or something else? If first,
what do you understand under "request originates from a directory"?


  #4 (permalink)  
Old 01-15-2008
thibī
 

Kurda Yon wrote:
>> That's how it's supposed to work, yes, if the starting script is there.

> I am not so familiar with the terminology. What do you understand
> under the "starting script"?
>
>
>> Keep in mind that if the request originates from somewhere else with
>> register_globals on, possible includes from this dir will also have it
>> enabled.

> Do you mean "user request of a php page" or something else? If first,
> what do you understand under "request originates from a directory"?
>
>


If a script include()'s another, then all variables in the called script
will be affected by the setting of register_globals.

-thibī
  #5 (permalink)  
Old 01-15-2008
Daniel Ennis
 

Kurda Yon wrote:
> Hi,
>
> in the home directory I put .htaccess with "register_globals 0".
> Obviously, all php-files from this directory will not take variables
> from the address line. But, as far as I understand, the .htaccess
> file influences all files in the subdirectories so that they also
> cannot take the variables from the address line. Should it be like
> that?


Honestly, if your host has register globals turned on, you really need to
be changing host. That's a big sign of improperly configured settings
and a major security risk. If you're the owner of the server, you need to
turn register globals off in the main php.ini immediately.

Same goes for PHP4: any host not at least offering both at the same time
is a good sign it's time to change host (FYI: PHP4 is not even supported
anymore, as PHP5's been out for 4 years and PHP6 is due for release in
August).

And if you're in a phpSuExec environment (which is a very good thing, as
it's a lot more secure and easier to access files without worrying about
proper chmod enabling your files to other users, and would be very odd
to have this but also have register globals on), you would not use
.htaccess, you would place a php.ini inside of the directory with your
scripts.

The only downside to the phpSuExec method of placing a php.ini in the
directory is that, if I recall correctly, it does not take effect for
subdirectories.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net
  #6 (permalink)  
Old 01-15-2008
Rik Wasmus
 

On Tue, 15 Jan 2008 02:40:03 +0100, Kurda Yon <kurdayon@yahoo.com> wrote:

>> That's how it's supposed to work, yes, if the starting script is there.

> I am not so familiar with the terminology. What do you understand
> under the "starting script"?
>
>
>> Keep in mind that if the request originates from somewhere else with
>> register_globals on, possible includes from this dir will also have it
>> enabled.

> Do you mean "user request of a php page" or something else? If first,
> what do you understand under "request originates from a directory"?



Look at it like this: in example.com you have 3 dirs, each with a file:
/dir, which holds script.php
/dir/sub, which has a .htaccess file
/dir/sub/foo, which holds otherscript.php

If the user enters with the url example.com/dir/sub/foo/otherscript.php,
register globals will be off; if the user enters with the url
example.com/dir/script.php, and that include()'s otherscript.php, the
entire code in both files will be run with register globals on.
--
Rik Wasmus
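
The include case described in the post above, as an added example that is not part of the original thread: a guard for the top of /dir/sub/foo/otherscript.php that refuses to run when the current request has register_globals on, whichever directory the request entered through. The helper names register_globals_enabled() and is_entry_script() are hypothetical; the paths are the ones from the post.

```php
<?php
// Added example, not code from the thread. register_globals is fixed once per
// request from the entry script's directory chain, so this file cannot rely on
// /dir/sub/.htaccess when it is include()'d from /dir/script.php.

function register_globals_enabled()
{
    $raw = ini_get('register_globals');
    if ($raw === false) {
        return false; // directive no longer exists (PHP >= 5.4)
    }
    // ini_get() may return "1", "On", "", "0" or "Off" depending on how it was set.
    return in_array(strtolower(trim($raw)), array('1', 'on', 'true', 'yes'), true);
}

function is_entry_script($file)
{
    $entry = isset($_SERVER['SCRIPT_FILENAME']) ? realpath($_SERVER['SCRIPT_FILENAME']) : false;
    return $entry !== false && $entry === realpath($file);
}

if (register_globals_enabled()) {
    // The directive is PHP_INI_PERDIR, so ini_set() cannot switch it off here.
    // Log where the request came in and stop instead of trusting injected variables.
    error_log(sprintf(
        'register_globals is on in %s (entry script: %s, reached via include: %s)',
        __FILE__,
        isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : 'unknown',
        is_entry_script(__FILE__) ? 'no' : 'yes'
    ));
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    exit('Configuration error.');
}

// Normal code follows; read request data only through $_GET / $_POST / $_COOKIE.
```

The log line names the entry script, which shows which directory still needs the setting turned off.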