[horde] Horde 4.0 + Register_globals ON
Ralf Lang
lang at b1-systems.de
Thu Jul 7 10:32:53 UTC 2011
Am Donnerstag, 7. Juli 2011, 10:45:05 schrieb Baptiste Bauer:
> Hi,
>
> I have a Ubuntu server : Linux 2.6.24-19-server with PHP 5.2.4.
>
> Successfully, Horde 4.0 was installed.
>
>
>
> And I can access to the admin panel control, ONLY With "Register_globals =
> Off" on my php.ini.
>
>
>
> But I must keep the value to "ON" to allow intranet work properly. (Many
> business applications, yes I know .that sucks a lot . but I 've no
> choice.. ).
Sounds like you should take time or money and patch your critical business
applications.
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is
highly discouraged. It's been off by default since PHP 4.2.0 and will most
probably be dropped in PHP 5.4 / 6.
Here's what the manual says:
register_globals boolean
Whether or not to register the EGPCS (Environment, GET, POST, Cookie,
Server) variables as global variables.
As of » PHP 4.2.0, this directive defaults to off.
Please read the security chapter on Using register_globals for related
information.
Please note that register_globals cannot be set at runtime (ini_set()).
Although, you can use .htaccess if your host allows it as described above. An
example .htaccess entry: php_flag register_globals off.
There are some really proficient PHP consultants around here. Make your
manager think about it.
--
Ralf Lang
Linux Consultant / Developer
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
More information about the horde
mailing list