Register Globals

Error: register_globals is enabled!

hv searched around the forum..
but still dun understand how to solve this,,,

please help million thanks...

try adding a .htaccess file with this as the very first line, otherwise PM me and I'll Try and help you out
-Dave

Your error is unrelated to the latest version of opencart, please upgrade.

hm2k wrote: Your error is unrelated to the latest version of opencart, please upgrade.

what ??!

If your server runs the PHP scripts as CGI, try using a 'php.ini' file in your OpenCart main directory and in the 'admin' directory, with the following content:

register_globals = Off

bruce wrote:

hm2k wrote: Your error is unrelated to the latest version of opencart, please upgrade.

what ??!

The most recently 0.x branch DOES NOT have any checks for "register_globals". It doesn't need them.

Sorry, could not resist. Depending on the emphasis while reading... it looks quite funny

Are you kidding me? Please do not post if you have nothing helpful to say. I subscribe to these threads and was waiting for the original poster to reply.

http://i40.photobucket.com/albums/e244/ ... ileyLJ.gif[/img]

I have no idea what is going on any more and I'm going to declare myself out of this thread.

sorry I've hijacked the thread to trade a few jabs with bruce 

Q, you are killing me... hahahaha

david.gilbert wrote: try adding a .htaccess file with this as the very first line, otherwise PM me and I'll Try and help you out

Code: Select all

php_flag register_globals Off

-Dave

you rock dave !!
its fine with the cart now =

thanks a lot everybody

Actually registered globals needs to be disabled to get opencart to work properly. Even with the code that has been added in the latest 0.0x. Globals can still cause opencart not to work properly.

1. OpenCart will NOT install unless it is running PHP 5.0 or above. As of » PHP 4.2.0, this directive defaults to off.
2. Your web hosting provider should ensure the register-globals is set to OFF in the "php.ini" file.
3. You can uncomment the (php_flag register_globals Off) directive in the ".htaccess" file provided.
4. If all else fails, we have included the unregister_globals emulation.

I've seen plenty of "register_globals is enabled" error reports, yet i've seen no complaints with regards to the "unregister_globals emulation".

hm2k wrote: 1. OpenCart will NOT install unless it is running PHP 5.0 or above. As of » PHP 4.2.0, this directive defaults to off.
2. Your web hosting provider should ensure the register-globals is set to OFF in the "php.ini" file.
3. You can uncomment the (php_flag register_globals Off) directive in the ".htaccess" file provided.
4. If all else fails, we have included the unregister_globals emulation.

1. This is correct.
2. Can you guarantee that your web hosting provider has register-globals set to off?
3. Do this to guarantee that register-globals is turned off.
4. I'll take your word on that.

It should be noted, that having register-globals set to ON is a security risk, which is why it is turned off by default in the first place.

fido-x wrote: It should be noted, that having register-globals set to ON is a security risk, which is why it is turned off by default in the first place.

I think the issue here is not whether it should be on or off (we know it should be off ), but handling cases where it is turned on.

1. You can still turn register globals on.
2. Some people have no control over their web hosting provider's decision.
3. Some web servers do not permit use of .htaccess or php_flag.
4. A fall back is included, if all else fails.

Daniel thinks the fall back should be to die() with an error, while I prefer the unregister_globals() method.

As I said, i've yet to see any issues with the method.

Although register_globals is a security risk, due to the large number of products available, it is not uncommon for register_globals to be needed. Therefore many hosting companies use extra security measures to counter-act the security risks imposed and have register_globals enabled to make their hosting compatible with more products than not.

Try running an osCommerce site with register_globals off, it simply wont happen. Because osCommerce is one of the most wideley used ecommerce solutions, many hosting providers need to set register_globas on to prevent huge amounts of support issues.

register_globals off emulation, whist I have not ever used it, some reading seems to suggest to me that it too poses other security issues that are not commonly prevented against with your standard run of the mill $7.95 hosting service, perhaps one for hm2k to check with some hosts hey?

All of my dedicated hosting servers are set with register_globals off and I allow it to be over-written via .htaccess on a need to be overwritten basis. However I am one of the conservative people in this world that triple checks and applies security fixes for known bugs in all aspects of the servers software and operating system.

-Dave

so osCommerce is like IE6.. widely used cancer... Funny how the worst things are always the most abundant