Register globals should be disabled

Last modified: September 12, 2008 - 22:57

During Drupal installation

During installation, Drupal may warn of an improper "register globals" setting:

"'register globals' is a security risk and should be disabled on all Drupal installations."

Either of these techniques will disable "register globals" on Apache servers:

  • 1. Disable "register globals" through php.ini
    Create a file named php.ini in Drupal's root directory that has the following line:
    register_globals = off
    (If php.ini already exists, add the above line to it.)
  • 2. Disable register globals through .htaccess
    Add the following line to Drupal's .htaccess file:
    php_value register_globals 0

More information

For more information about how to change PHP configuration settings, see "How to change configuration settings" in the PHP Manual.

Forcing PHP5

If neither of those procedures works, adding the following line to the .htaccess file forces PHP5.

AddType x-mapp-php5 .php

Note: The .htaccess method only works if PHP is running as an Apache module, and the php.ini method only works if PHP is running as CGI.
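
To confirm which of the two methods applies and whether the change took effect, a small check script can report the effective setting and how PHP is running. This is an added example, not part of Drupal or the original page; the file name check-rg.php and the function names are hypothetical. Place it in Drupal's root directory, request it once in a browser, then delete it.

```php
<?php
// check-rg.php (hypothetical name): added example, not Drupal code.
// Reports the effective register_globals value for this directory and
// which of the two methods above matches the way PHP is running.

// ini_get() returns the directive as a string ("", "0", "1", "On", "Off"),
// or false when the directive does not exist in this PHP version.
function rg_is_enabled($raw)
{
    if ($raw === false) {
        return false;
    }
    $value = strtolower(trim($raw));
    return !in_array($value, array('', '0', 'off', 'false', 'no'), true);
}

// Map the SAPI name to the method that the note above says will work.
function rg_method_for_sapi($sapi)
{
    if (strpos($sapi, 'apache') === 0) {
        // e.g. "apache", "apache2handler": PHP runs as an Apache module
        return '.htaccess: php_value register_globals 0';
    }
    if ($sapi === 'cgi' || $sapi === 'cgi-fcgi') {
        return 'php.ini: register_globals = off';
    }
    return 'not covered by either method; ask the hosting provider';
}

$sapi = php_sapi_name();
$raw  = ini_get('register_globals');
// php_ini_loaded_file() exists from PHP 5.2.4; it returns false if no file was loaded.
$ini  = function_exists('php_ini_loaded_file') ? php_ini_loaded_file() : false;

header('Content-Type: text/plain');
echo 'PHP version:      ' . PHP_VERSION . "\n";
echo 'SAPI:             ' . $sapi . "\n";
echo 'Loaded php.ini:   ' . ($ini ? $ini : '(none or unknown)') . "\n";
echo 'register_globals: ' . (rg_is_enabled($raw) ? 'ON (still enabled)' : 'off') . "\n";
echo 'Method to use:    ' . rg_method_for_sapi($sapi) . "\n";
```

If the script still reports ON after a change, compare the "Loaded php.ini" path with the file that was edited: a php.ini in Drupal's root has no effect unless PHP actually loads it.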
