? files
? register_globals_check-D6.patch
? register_globals_check-D6_0.patch
? sites/default/settings.php
? sites/default/themes
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.230
diff -u -p -r1.230 system.install
--- modules/system/system.install	16 Jan 2008 10:37:43 -0000	1.230
+++ modules/system/system.install	16 Jan 2008 17:49:04 -0000
@@ -52,10 +52,6 @@ function system_requirements($phase) {
     $requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.');
     $requirements['webserver']['severity'] = REQUIREMENT_WARNING;
   }
-  if (ini_get('register_globals')) {
-    $requirements['php']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.');
-    $requirements['php']['severity'] = REQUIREMENT_ERROR;
-  }
 
   // Test PHP version
   $requirements['php'] = array(
@@ -67,6 +63,25 @@ function system_requirements($phase) {
     $requirements['php']['severity'] = REQUIREMENT_ERROR;
   }
 
+  // Test PHP register_globals setting.
+  $requirements['php_register_globals'] = array(
+    'title' => $t('PHP register globals'),
+  );
+  $register_globals = ini_get('register_globals');
+  // Register globals is guaranteed to be off if the value is 'off', '', or 0.
+  // Due to the wide range of results returned by ini_get(), this test may
+  // result in false positives (for example if the ini_get() returns any
+  // string other than '' or 'off'), but it should never tell the user that
+  // their site is secure with register globals off, when it is in fact on.
+  if (!empty($register_globals) && strtolower($register_globals) != 'off') {
+    $requirements['php_register_globals']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.');
+    $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
+    $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
+  }
+  else {
+    $requirements['php_register_globals']['value'] = $t('Disabled');
+  }
+
   // Test PHP memory_limit
   $memory_limit = ini_get('memory_limit');
   $requirements['php_memory_limit'] = array(