ullalla

Well-Known Member
Jan 20, 2006
192
0
166
how we can do registrer globlas on for a single domain(not globaly ) on the server with .htaccess and php.ini ?
 

ullalla

Well-Known Member
Jan 20, 2006
192
0
166
iI dont want to turn on the registrer globles globally , I wan it jsut for a specific domain. Please let me know the complete code for php.ini and .htaccess too.
 

yapluka

Well-Known Member
Dec 24, 2003
301
1
168
France
cPanel Access Level
Root Administrator
php.ini : you just need to create a file in the folder where the script needing it is located, containing this :

Code:
register_globals = On
.htaccess : add this line

Code:
php_value register_globals on
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
Not very smart turning on register_globals even for one domain!

Most all programs these days are designed specifically to work with
register_globals turned OFF but if you actually have one that
requires them, you would be much better off either upgrading or
modifying the program to not need register_globals.

Updating a program to not need register_globals anymore is trivial
and generally doesn't take more than a few seconds to update.
 

SoftDux

Well-Known Member
May 27, 2006
1,024
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
Not very smart turning on register_globals even for one domain!

Most all programs these days are designed specifically to work with
register_globals turned OFF but if you actually have one that
requires them, you would be much better off either upgrading or
modifying the program to not need register_globals.

Updating a program to not need register_globals anymore is trivial
and generally doesn't take more than a few seconds to update.
Thanx for the lecture :)

Unfortunattely we (and most people) don't have control over this. Especially for programs encrypted with Zend encoder or IonCube, or something. Modernbill is one such example. The sad part is, a lot of developer don't see this as a problem, and feel their program is superior - meanig it needs register globals.


P.S. ..... let's not talk about PHP6. yet ....
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
Unfortunattely we (and most people) don't have control over this. Especially for programs encrypted with Zend encoder or IonCube, or something. Modernbill is one such example. The sad part is, a lot of developer don't see this as a problem, and feel their program is superior - meanig it needs register globals.
Actually that's no problem whatsoever!

I can edit Zend or IonCube encoded source!

I developed a program a long while back that reverts any PHP program encoded
with either IonCube (including the newest version!) or Zend back to human
readable PHP source in a matter of seconds and we use that program all
the time where I work.

Ironically both Zend and IonCube have the same vulnerability which I would think
should be rediculously obvious to anyone but for some reason everyone including
the creators of those systems seems to blindly miss it all!

For those who don't have the capability to reverse engineer encoded scripts to source,
a simple wrapper script will do the trick for you to emulate register_globals functionality
where it is actually turned off server wide. Easy enough to setup!
 
Last edited: