The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel PHP Register Globals

Discussion in 'General Discussion' started by Kent Brockman, Jun 28, 2008.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi, I've been reading about this new implementation but I don't understand why is there this setting available if cPanel is register_gloabls=off compatible.

    How impacts in the cpanel moules this setting if disabled? If we disable this may appear any issue or strange behaviour in third party modules like CSF, Horde, Awstats? Please confirm. Thanks!
     
  2. Kailash1

    Kailash1 Well-Known Member

    Joined:
    Nov 27, 2006
    Messages:
    252
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should not face the problem after setting register_gloabls = off. Also it is advisable to set register_gloabls to off on shared server fr security reasons.

    Kailash
     
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yep, I know that it is advisable. But my question is oriented to the fact that if it is posible enable register_globals, the reason might be third party modules posibly not supporting register_globals=off. that's why i'm asking that. If you disable register_globals, these changes apply only to the main cPanel/WHM or also to third party plugins and scripts, like CSF, Horde and so. Is this a lossless setting or might impact in some funtions of these scripts? I think we shouldn't face problems, but just asking cPanel staff to be sure. :cool:
     
  4. bhd

    bhd Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    JNB ZA
    cPanel Access Level:
    Root Administrator
    AFAIK, only fantastico currently requires register_globals to be on. If it's off, customer control panels cannot install fantastico scripts.
     
  5. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Fine, that's exactly what I ve been asking for. If enabling this setting third party scripts would be unusable then this setting should operate only over cpanel main modules, not affecting the operation of third parties' ones. Dont you think so? :D
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The Tweak Setting only impacts PHP Applications that use the internal PHP binary (often located in /usr/local/cpanel/3rdparty/bin). cPanel itself uses no PHP code and will not be impacted by the register_global settings. Hence, it is only 3rd-party applications that will be affected by this setting.

    By enabling, applications will not be made unusable, however some may be unusable after disabling register_globals. We recommend it be disabled, which is what the PHP project has recommended for some years now. Unfortunately, some applications have not updated to work with register_globals disabled.
     
  7. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    ok, this affects only whm third parties? i.e. CSF, Fantastico, Horde? in fact, affects everything you can add as addon ONLY, correct? (please confirm if not).
    Horde and Roundcube are included in the scope of this setting? is it oficially confirmed that they are fully supporting disabled register_globals?

    Added question: installed/available Fantastico scripts are also reached by the scope of this setting? I don't think so, but hesitant.....
     
    #7 Kent Brockman, Jun 30, 2008
    Last edited: Jun 30, 2008
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It is incredibly rare for register_globals to be used nowadays. Using this technique is considered an abominable practice among PHP coders. Since it will be fully removed in PHP 5.3, many PHP coders have ceased using it.

    Turning off register_globals will only affect third party scripts. Additionally, I am only aware of Fantastico being adversely affected by this.
     
  9. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I don't mean to hijack this thread and stray it off topic or anything, but where did you read about register_globals being removed in PHP 5.3? I had heard it was being removed in PHP 6. I had not heard 5.3. I actually like this news because it will serve greater incentive for users that still rely on register_globals to update their code. I am just wondering if you knew the link where you read about 5.3 and if you could post it.

    Thanks
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It was on the PHP website a while back (can't find a link offhand). Essentially everything scheduled for PHP 6, with exception of Unicode support, is now coming out in 5.3. Unicode support is still slated for 6.0. This was also discussed a couple months ago at Houston's PHP Users Group.
     
  11. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Well well well, I searched the Netenberg's Fantastico Scripts Support Forums and found that the problem is solved:

    Fantastico De Luxe 2.10.4 r16 :: Fixed: "register_globals" Bug: (May 06, 2008)
    http://www.netenberg.com/forum/index.php?topic=6583.0

    And an interesting post about what included scripts are not reg_globs_off compatible: (February 08, 2008)
    http://www.netenberg.com/forum/index.php?topic=6363.0

    It seems that osCommerce is the only script non-compatible. Googling about this, I found a patch for old versions of osCommerce to repair this issue:
    http://www.oscommerce.com/community/contributions,2097

    If not using old versions, the osCommerce Online Merchant v2.2 RC2 patches the register_globals issue: (January 15, 2008)
    http://www.oscommerce.com/about/news,129


    So, update your Fanstastico installation, and after it, update your scripts packages. ;)



    Well, what about Horde, Squirrelmail and Roundcube? are they reached by this setting in cPanel?
     
    #11 Kent Brockman, Jun 30, 2008
    Last edited: Jun 30, 2008
  12. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    In my experience, turning off register_globals has never adversely affected these applications. However, PHP settings for cpsrvd would affect these applications.

    I believe OS Commerce has stated that they will officially resolve these issues (including still being PHP 4-only) in version 3.
     
  13. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Roundcube appears to sometime have been sensible to reg globs when you try to upload attachments. Don't know if already patched, ain't find any reference in bug/patches/changelog pages.
    http://www.roundcubeforum.net/showthread.php?t=725


    The osCommerce version distributed by Fantastico is already patched, since this update was prior to the version now used in their master files.
     
Loading...

Share This Page