The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

registrer globals

Discussion in 'General Discussion' started by ullalla, Dec 20, 2006.

  1. ullalla

    ullalla Well-Known Member

    Joined:
    Jan 20, 2006
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    how we can do registrer globlas on for a single domain(not globaly ) on the server with .htaccess and php.ini ?
     
  2. adept2003

    adept2003 Well-Known Member

    Joined:
    Aug 11, 2003
    Messages:
    283
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    ~ "/(extra|special)/data"
    If you're running phpsuexec, then modify a copy of the global php.ini file so that registerglobals is on. Then copy the new php.ini file to every directory that you want to apply it to.
     
  3. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    I wish there was an easier way todo it, especially if the site runs a CMS + forum, etc, or even modernbill. Isn't there a quick, easy way to get the php.ini file into each folder?
     
  4. ullalla

    ullalla Well-Known Member

    Joined:
    Jan 20, 2006
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    iI dont want to turn on the registrer globles globally , I wan it jsut for a specific domain. Please let me know the complete code for php.ini and .htaccess too.
     
  5. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    php.ini : you just need to create a file in the folder where the script needing it is located, containing this :

    Code:
    register_globals = On
    .htaccess : add this line

    Code:
    php_value register_globals on
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Not very smart turning on register_globals even for one domain!

    Most all programs these days are designed specifically to work with
    register_globals turned OFF but if you actually have one that
    requires them, you would be much better off either upgrading or
    modifying the program to not need register_globals.

    Updating a program to not need register_globals anymore is trivial
    and generally doesn't take more than a few seconds to update.
     
  7. ullalla

    ullalla Well-Known Member

    Joined:
    Jan 20, 2006
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Thanks guys for your replies and assistance.
     
  8. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Thanx for the lecture :)

    Unfortunattely we (and most people) don't have control over this. Especially for programs encrypted with Zend encoder or IonCube, or something. Modernbill is one such example. The sad part is, a lot of developer don't see this as a problem, and feel their program is superior - meanig it needs register globals.


    P.S. ..... let's not talk about PHP6. yet ....
     
  9. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Actually that's no problem whatsoever!

    I can edit Zend or IonCube encoded source!

    I developed a program a long while back that reverts any PHP program encoded
    with either IonCube (including the newest version!) or Zend back to human
    readable PHP source in a matter of seconds and we use that program all
    the time where I work.

    Ironically both Zend and IonCube have the same vulnerability which I would think
    should be rediculously obvious to anyone but for some reason everyone including
    the creators of those systems seems to blindly miss it all!

    For those who don't have the capability to reverse engineer encoded scripts to source,
    a simple wrapper script will do the trick for you to emulate register_globals functionality
    where it is actually turned off server wide. Easy enough to setup!
     
    #9 Spiral, Dec 27, 2006
    Last edited: Dec 27, 2006
  10. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Would you mind sharing your program? And how do I know what code in the scripts to change so that it doesn't need register globals?
     
Loading...

Share This Page