views:

25

answers:

1

hi,

I've just moved my drupal to a new server and I get the following warning:

register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings. (Currently using PHP register globals Enabled ('1'))

Should I change the configuration of the php server or I can ignore it ? I probably don't have access to php settings.

thanks

A: 

Check with your host if they can help you out. If you don't have access to php.ini then you may not be able to. register_globals has been off for a good number of years now so that's surprising. If the host allows you .htaccess files you can add this to yours:

php_flag register_globals off
Typeoneerror
I've actually added these lines to .htaccess but it doesn't solve the issue... http://it.php.net/configuration.changes
Patrick
Since register_globals has been off by default for 10 years now (since php 4.2.0), I would be worried which php version your host is running. If it's php4, I would definitely start looking for another host.
marcvangend
Yeah, your host should fix this for you, and everyone else they're hosting. It's pretty irresponsible that they've left register_globals on.
Scott Reynen

related questions