register_globals is enabled issue

kristinecummins - July 10, 2008 - 06:56

I have created a directory on the server /cms/ where the Drupal files are. I have created php.ini with "php_flag register_globals 0", have tried "php_flag register_globals off" to no avail. I created a .htaccess file with the same code and it does not work. I've uploaded these files in the top level and in /cms/. I have tweaked the .htaccess file that comes along with Drupal and that doesn't work either. This is my first stab at Drupal and I can't get off square one. Any ideas?

hosting issue

catch - July 10, 2008 - 11:01

Your best option is to contact your hosts and ask them to switch register_globals off on the server itself - it's a security issue and extremely bad practice to leave it enabled.

Worst case scenario you

jumonjii - July 10, 2008 - 21:11

Worst case scenario you could comment out the part of Drupal install that checks.

My host has register globals disabled but Drupal still gave me that error.

How do I do the worst case scenario?

kristinecummins - July 10, 2008 - 22:26

GoDaddy refuses to help me because it's a scripting issue which they consider has nothing to do with them. If you could give me instruction on how to comment out that part of the install, I'd be so grateful.

In the bootstrap.inc

jumonjii - July 11, 2008 - 02:08

In the bootstrap.inc file:

About line 218, you'll see this code:

/**
 * Unsets all disallowed global variables. See $allowed for what's allowed.
 */
function drupal_unset_globals() {
  if (ini_get('register_globals')) {
    $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1, 'GLOBALS' => 1);
    foreach ($GLOBALS as $key => $value) {
      if (!isset($allowed[$key])) {
        unset($GLOBALS[$key]);
      }
    }
  }
}

I just changed it to this:

/**
 * Unsets all disallowed global variables. See $allowed for what's allowed.

function drupal_unset_globals() {
  if (ini_get('register_globals')) {
    $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'access_check' => 1, 'GLOBALS' => 1);
    foreach ($GLOBALS as $key => $value) {
      if (!isset($allowed[$key])) {
        unset($GLOBALS[$key]);
      }
    }
  }
}
*/

I did this for mine and was able to install Drupal no problem.

Not working yet

felix-vera - July 12, 2008 - 02:57

Hi all,

I'm having the same problems as kristinecummins. I tried jumonjii's solution and also commented out the place in the same file where the function is called, but I still got the error and cannot continue with the installation.

Does anybody know another trick to skip that checking?

It's going to take some time till I get an answer from the hosting company and I wanted to start tweaking with Drupal 6 as soon as possible.

Cheers!

Remove the section

jumonjii - July 12, 2008 - 15:30

Remove the section completely.

the section?

felix-vera - July 22, 2008 - 22:27

Do you mean the whole case DRUPAL_BOOTSTRAP_CONFIGURATION: in the method function _drupal_bootstrap($phase)?

I tried that but still got the same error.

Or maybe you mean to remove something else?

Solved!

felix-vera - July 25, 2008 - 06:36

Hi all,

If someone else has this problem, that's what I did to solve it.

In the file DRUPAL_ROOT/modules/system/system.install I commented out the register_globals check and set this variable to off manually.

I changed this (from line 54 in version 6.3):

if (!empty($register_globals) && strtolower($register_globals) != 'off') {
  $requirements['php_register_globals']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
  $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
  $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
}
else {
  $requirements['php_register_globals']['value'] = $t('Disabled');
}

With this:

//if (!empty($register_globals) && strtolower($register_globals) != 'off') {
//  $requirements['php_register_globals']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
//  $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
//  $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
//}
//else {
//  $requirements['php_register_globals']['value'] = $t('Disabled');
//}

$requirements['php_register_globals']['value'] = $t('Disabled');

Enjoy Drupal!

change your hosting

catch - July 11, 2008 - 13:30

That "it's a scripting issue" answer should be translated to "find another hosting provider, we're not much good". It's a security issue and has everything to do with them.

See here: http://uk.php.net/register_globals

The way I solved this

Tormention - August 1, 2008 - 02:23

The way I solved this problem on my HostGator account was to copy the server's php.ini file (located at /usr/lib/php.ini) to my home directory (/home/MYUSERNAME/php.ini) and then edited it with the settings that I wanted. Then, I created an .htaccess file in the same directory with this in it:

<IfModule mod_suphp.c>
  suPHP_ConfigPath /home/MYUSERNAME
  <Files php.ini>
    order allow,deny
    deny from all
  </Files>
</IfModule>

FYI, my html files are stored in /home/MYUSERNAME/public_html. I got the solution from this thread: http://forums.hostgator.com/php-ini-without-copying-all-subdirectories-t...

I don't know if this will work for you, but I thought it was worth sharing.
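To check whether an override such as the one above actually reached the web server's PHP, the effective value can be read from a page request. This is an added example, not part of the original post or of Drupal; the rg_* function names are made up for illustration, and the "enabled" test copies the condition quoted from system.install earlier in this thread.

```php
<?php
// Added diagnostic, not Drupal code. Request it over HTTP (the CLI may load
// a different php.ini), read the output, then delete the file.

// Same condition as the system.install check quoted in this thread.
function rg_is_enabled($raw) {
  $value = trim((string) $raw);
  return !empty($value) && strtolower($value) != 'off';
}

// Which override syntax the running SAPI honours (hypothetical helper).
function rg_override_hint($sapi) {
  if (strpos($sapi, 'apache') === 0) {
    // mod_php: Apache parses php_flag lines in .htaccess.
    return '.htaccess: php_flag register_globals off';
  }
  // CGI, FastCGI, suPHP: php_flag is not an Apache directive there and
  // php.ini does not understand it either; php.ini needs "name = value".
  return 'php.ini: register_globals = Off';
}

function rg_report() {
  // Returns false on PHP 5.4+, where the directive no longer exists.
  $raw = ini_get('register_globals');
  $ini = function_exists('php_ini_loaded_file') ? php_ini_loaded_file() : false;
  $sapi = php_sapi_name();
  return array(
    'PHP version:      ' . PHP_VERSION,
    'SAPI:             ' . $sapi,
    'Loaded php.ini:   ' . ($ini ? $ini : '(none found)'),
    'register_globals: ' . var_export($raw, true),
    'Counts as:        ' . (rg_is_enabled($raw) ? 'ENABLED' : 'disabled'),
    'Override via:     ' . rg_override_hint($sapi),
  );
}

// register_globals is PHP_INI_PERDIR, so ini_set() here cannot change it;
// the value shown is what php.ini or the server configuration supplied.
header('Content-Type: text/plain');
echo implode("\n", rg_report()), "\n";
```

If "Loaded php.ini" does not show the file that was edited, the override was never read, and disabling Drupal's check only hides that.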

maybe this will work with techark

lsabug - October 10, 2008 - 19:42

I'll try it and post back. Thanks.

Edited: techark fixed register_globals to off. Didn't explain how, but now it works with Drupal.

 
 
