[horde] Horde 4.0 + Register_globals ON

Ralf Lang lang at b1-systems.de
Thu Jul 7 10:32:53 UTC 2011

Am Donnerstag, 7. Juli 2011, 10:45:05 schrieb Baptiste Bauer:
> Hi,
> I have a Ubuntu server : Linux 2.6.24-19-server with PHP 5.2.4.
> Successfully, Horde 4.0 was installed.
> And I can access to the admin panel control, ONLY With  "Register_globals =
> Off"  on my php.ini.
> But I must keep the value to "ON" to allow intranet work properly. (Many
> business applications, yes  I know .that  sucks a lot . but I 've no
> choice.. ).

Sounds like you should take time or money and patch your critical business 

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is 
highly discouraged. It's been off by default since PHP 4.2.0 and will most 
probably be dropped in PHP 5.4 / 6.

Here's what the manual says:

register_globals boolean

    Whether or not to register the EGPCS (Environment, GET, POST, Cookie, 
Server) variables as global variables.

    As of » PHP 4.2.0, this directive defaults to off.

    Please read the security chapter on Using register_globals for related 

    Please note that register_globals cannot be set at runtime (ini_set()). 
Although, you can use .htaccess if your host allows it as described above. An 
example .htaccess entry: php_flag register_globals off. 

There are some really proficient PHP consultants around here. Make your 
manager think about it.

Ralf Lang
Linux Consultant / Developer

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

More information about the horde mailing list