Hi,
in the home directory I put .htaccess with "register_globa ls 0".
Obviously, all php-files from this directory will not take variables
from the address line. But, as far as I understand, the .htaccess
files influences on all files in the subdirectories so that they also
cannot take the variables from the address line. Should it be like
that?
5  2458 
On Tue, 15 Jan 2008 02:13:49 +0100, Kurda Yon <ku******@yahoo .comwrote:
in the home directory I put .htaccess with "register_globa ls 0".
php_value register_global s 0
At least, that's what Apache likes here.
Obviously, all php-files from this directory will not take variables
from the address line. But, as far as I understand, the .htaccess
files influences on all files in the subdirectories so that they also
cannot take the variables from the address line. Should it be like
that?
That's how it's supposed to work yes, if the starting script is there.
Keep in mind that if the requests originates from somewhere else with
register_global s on possible includes from this dir will also have it
enabled.
--
Rik Wasmus
That's how it's supposed to work yes, if the starting script is there.
I am not so familiar with the terminology. What do you understand
under the "starting script"?
Keep in mind that if the requests originates from somewhere else with
register_global s on possible includes from this dir will also have it
enabled.
Do you mean "user request of a php page" or something else? If first,
what do you understand under "request originates from a directory"?
Kurda Yon wrote:
>That's how it's supposed to work yes, if the starting script is there.
I am not so familiar with the terminology. What do you understand
under the "starting script"?
>Keep in mind that if the requests originates from somewhere else with
register_globa ls on possible includes from this dir will also have it
enabled.
Do you mean "user request of a php page" or something else? If first,
what do you understand under "request originates from a directory"?
If a script include()'s another, then all variables in the called script
will be affected by the setting of register_global s.
-thib´
Kurda Yon wrote:
Hi,
in the home directory I put .htaccess with "register_globa ls 0".
Obviously, all php-files from this directory will not take variables
from the address line. But, as far as I understand, the .htaccess
files influences on all files in the subdirectories so that they also
cannot take the variables from the address line. Should it be like
that?
Honestly if your host has register globals turned on, you really need to
be changing host. That's a big sign of improperly configured settings
and a major security risk. If your the owner of the server, you need to
turn register globals off by the main php.ini immediately.
Same goes for PHP4, any host not at least offering both at the same time
is a good sign its time to change host (FYI: PHP4 Is not even supported
anymore, as PHP5's been out for 4 years and PHP6 is due for release in
August).
And if your in a phpSuExec enviroment (which is a very good thing, as
its alot more secure and easier to access files without worrying about
proper chmod enabling your files to other users, and would be very odd
to have this but also have register globals on), you would not use
..htaccess, you would place a php.ini inside of the directory with your
scripts.
The only downside to the phpSuExec method of placing a php.ini in the
directory is that, if i recall correctly, it does not take place for sub
directories.
--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years da****@fanetwor ks.net
On Tue, 15 Jan 2008 02:40:03 +0100, Kurda Yon <ku******@yahoo .comwrote:
>That's how it's supposed to work yes, if the starting script is there.
I am not so familiar with the terminology. What do you understand
under the "starting script"?
>Keep in mind that if the requests originates from somewhere else with
register_globa ls on possible includes from this dir will also have it
enabled.
Do you mean "user request of a php page" or something else? If first,
what do you understand under "request originates from a directory"?
Look at it like this, in example.com you have 3 dirs, with each a file:
/dir, which holds script.php
/dir/sub, which has a .htaccess file
/dir/sub/foo which holds otherscript.php
If the user enter with the url example.com/dir/sub/foo/otherscript.php ,
register globals will be off, if the user enters with the url
example.com/dir/script.php, and that include()'s otherscript.php , the
entire code in both files will be run wi8th register global on.
--
Rik Wasmus This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Skip Montanaro |
last post by:
I updated the patch that supports PEP 304, "Controlling Generation of
Bytecode Files" to apply cleanly against current CVS. I've tested it on Mac
OS X (straight Unix build only). I'd appreciate it if some Linux, Windows
and Mac framework folks could apply the patch, rebuild, then run the tests
(there is a "testbcb" target in the Makefile that should give Windows people
an idea what to do). The patch is attached to
...
|
by: wukexin |
last post by:
Help me, good men. I find mang books that introduce bit "mang header
files",they talk too bit,in fact it is my too fool, I don't learn it, I have
do a test program, but I have no correct doing result in any way. Who can
help me, I thank you very very much.
list.cpp(main program)
//--------------------------------------------------------------------------
-
#pragma hdrstop
#pragma argsused
|
by: Rosa |
last post by:
Hi,
I'm trying to clear the TIF on Windows XP programmatically with the
below code.
This code works fine on any folder but the TIF. For some reason the
atEnd() statements always defaults to true and no files are deleted in
the folder.
The peculiarity of this issue is that the files/subfolders cannot be
seen through the windows explorer either. I can only access/delete
them through a command shell.
Any ideas?
|
by: George Marsaglia |
last post by:
I have a set of, say, 2000 points in the 8-dimensional simplex
S={(x_1,x_2,...,x_8),x_1+x_2+...+x_8=1, x's>=0}.
To help analyze that 8-dimensional set, I wish to project
the set of points onto each of the 'faces' {x_i+x_j+x_k=1}
for the 56 choices i,j,k, that is, i=1 to 6; j=i+1 to 7; k=j+1 to 8.
Finally, use gnuplot to load and plot each of the 56 files of 3-d points.
I have C code that will, for given i,j,k, find the projection...
|
by: Jim |
last post by:
Is it possible to read the Temporary Internet Files folder using C#? I'm
messing with FileIO (newbie here) and everything seems to work fine until I
try to read the list of files in this Temporary Internet Files folder. I'm
only received 1 file when I know there is more.
Any suggestions are very appreciated.
Thanks
| | |
by: Nicolás Castagnet |
last post by:
Hi,
I write this post because I notice a strange behavior related with
"Temporary Internet Files" and maybe some of you can help me to understand
it.
I am working in a web application with ASP.NET. Recently, I group of user
have problems with it because the values of the sessions were not stored
correctly (the application save the username in a login page, then other
page try to get it and the result was always ""). We restart the web...
|
by: pike |
last post by:
db2 8.1 FP11 on AIX 5.3.0.0 .
The db2diag.log is intermittently reporting EMFILE (24) "Too many open
files" errors. The culprit is always db2hmon. Sample db2diag.log
output follows:
2007-03-20-07.42.35.269106+060 I14996239C505 LEVEL: Severe (OS)
PID : 2289758 TID : 772 PROC : db2hmon 0
INSTANCE: defser_t NODE : 000
FUNCTION: DB2 UDB, SQO Memory Management, sqlocshr2, probe:200
|
by: zacks |
last post by:
Most applications whose purpose is to work with various types of files
implement a "Most Recent Files" list, where the last, say, four files
accessed by the application can quickly be re-opened by clicking on
the file name in the File menu. Thist list is usually just above the
typical Exit menu item.
I take it there is no "automatic" way of implementing this, that each
application has to have code that manually does this. I have a good...
|
by: Ty Oft |
last post by:
Hello Bytes!
Maybe my question seems a bit silly (as one could simply answer it "Well, what are you more passionate about?" or stuff like that - please don't answer like this), but I am in a bit of a dilemma and time is short at the moment and I need to make a decision before it's too late.
I have just begun my second year in a UK uni for a BSc Hons Web Systems Development but I am not that happy about the course. Very diluted in my opinion....
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
