try adding a .htaccess file with this as the very first line, otherwise PM me and I'll Try and help you out
-Dave
Code: Select all
php_flag register_globals Off
Professional Website Services - http://www.davidmgilbert.com/
Active Member
If your server runs the PHP scripts as CGI, try using a 'php.ini' file in your OpenCart main directory and in the 'admin' directory, with the following content:
register_globals = Off
register_globals = Off
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
The most recently 0.x branch DOES NOT have any checks for "register_globals". It doesn't need them.bruce wrote:what ??!hm2k wrote: Your error is unrelated to the latest version of opencart, please upgrade.
Are you kidding me? Please do not post if you have nothing helpful to say. I subscribe to these threads and was waiting for the original poster to reply.
http://i40.photobucket.com/albums/e244/ ... ileyLJ.gif[/img]
http://i40.photobucket.com/albums/e244/ ... ileyLJ.gif[/img]
I have no idea what is going on any more and I'm going to declare myself out of this thread.
david.gilbert wrote: try adding a .htaccess file with this as the very first line, otherwise PM me and I'll Try and help you out
-DaveCode: Select all
php_flag register_globals Off
you rock dave !!
its fine with the cart now =
thanks a lot everybody
Actually registered globals needs to be disabled to get opencart to work properly. Even with the code that has been added in the latest 0.0x. Globals can still cause opencart not to work properly.
OpenCart®
Project Owner & Developer.
1. OpenCart will NOT install unless it is running PHP 5.0 or above. As of » PHP 4.2.0, this directive defaults to off.
2. Your web hosting provider should ensure the register-globals is set to OFF in the "php.ini" file.
3. You can uncomment the (php_flag register_globals Off) directive in the ".htaccess" file provided.
4. If all else fails, we have included the unregister_globals emulation.
I've seen plenty of "register_globals is enabled" error reports, yet i've seen no complaints with regards to the "unregister_globals emulation".
2. Your web hosting provider should ensure the register-globals is set to OFF in the "php.ini" file.
3. You can uncomment the (php_flag register_globals Off) directive in the ".htaccess" file provided.
4. If all else fails, we have included the unregister_globals emulation.
I've seen plenty of "register_globals is enabled" error reports, yet i've seen no complaints with regards to the "unregister_globals emulation".
Last edited by hm2k on Thu Nov 27, 2008 2:41 am, edited 1 time in total.
1. This is correct.hm2k wrote: 1. OpenCart will NOT install unless it is running PHP 5.0 or above. As of » PHP 4.2.0, this directive defaults to off.
2. Your web hosting provider should ensure the register-globals is set to OFF in the "php.ini" file.
3. You can uncomment the (php_flag register_globals Off) directive in the ".htaccess" file provided.
4. If all else fails, we have included the unregister_globals emulation.
2. Can you guarantee that your web hosting provider has register-globals set to off?
3. Do this to guarantee that register-globals is turned off.
4. I'll take your word on that.
It should be noted, that having register-globals set to ON is a security risk, which is why it is turned off by default in the first place.
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool
If you're not living on the edge ... you're taking up too much space!
I think the issue here is not whether it should be on or off (we know it should be off ), but handling cases where it is turned on.fido-x wrote: It should be noted, that having register-globals set to ON is a security risk, which is why it is turned off by default in the first place.
1. You can still turn register globals on.
2. Some people have no control over their web hosting provider's decision.
3. Some web servers do not permit use of .htaccess or php_flag.
4. A fall back is included, if all else fails.
Daniel thinks the fall back should be to die() with an error, while I prefer the unregister_globals() method.
As I said, i've yet to see any issues with the method.
Although register_globals is a security risk, due to the large number of products available, it is not uncommon for register_globals to be needed. Therefore many hosting companies use extra security measures to counter-act the security risks imposed and have register_globals enabled to make their hosting compatible with more products than not.
Try running an osCommerce site with register_globals off, it simply wont happen. Because osCommerce is one of the most wideley used ecommerce solutions, many hosting providers need to set register_globas on to prevent huge amounts of support issues.
register_globals off emulation, whist I have not ever used it, some reading seems to suggest to me that it too poses other security issues that are not commonly prevented against with your standard run of the mill $7.95 hosting service, perhaps one for hm2k to check with some hosts hey?
All of my dedicated hosting servers are set with register_globals off and I allow it to be over-written via .htaccess on a need to be overwritten basis. However I am one of the conservative people in this world that triple checks and applies security fixes for known bugs in all aspects of the servers software and operating system.
-Dave
Try running an osCommerce site with register_globals off, it simply wont happen. Because osCommerce is one of the most wideley used ecommerce solutions, many hosting providers need to set register_globas on to prevent huge amounts of support issues.
register_globals off emulation, whist I have not ever used it, some reading seems to suggest to me that it too poses other security issues that are not commonly prevented against with your standard run of the mill $7.95 hosting service, perhaps one for hm2k to check with some hosts hey?
All of my dedicated hosting servers are set with register_globals off and I allow it to be over-written via .htaccess on a need to be overwritten basis. However I am one of the conservative people in this world that triple checks and applies security fixes for known bugs in all aspects of the servers software and operating system.
-Dave
Last edited by david.gilbert on Thu Nov 27, 2008 10:10 pm, edited 1 time in total.
Professional Website Services - http://www.davidmgilbert.com/
Active Member
Who is online
Users browsing this forum: No registered users and 34 guests