By PurpleEdge on

If I use the standard Drupal .htaccess file, my non-drupal subdomain site ceases to function - the parameters passed to index.php are always empty. (I reset empty parameter to 1 in my code, so only the home page ever shows)

http://www.comformark.com.au/index.php?pagetocall=3

If I delete my .htaccess file it starts to work again. I believe this was only became a problem after I tried to re-configure Drupal to use clean URLs, but it might be that my Drupal site had an empty .htaccess file previously and I have now uploaded the default file.

Is there a setting in .htaccess that would block parameters in a non-drupal sub-domain, if so is it safe to change it?

It's not a good idea to have an empty .htaccess - yes?

Comments

Heine’s picture

Heine commented

If I delete my .htaccess file it starts to work again. I believe this was only became a problem after I tried to re-configure Drupal to use clean URLs, but it might be that my Drupal site had an empty .htaccess file previously and I have now uploaded the default file.

I'm confused: does everything work now with the default drupal .htaccess?

How are your subdomains setup?

PS. You may want to check the block-layout in Opera (free @ http://opera.com).
--
Tips for posting to the forums

PurpleEdge’s picture

PurpleEdge commented

My Drupal site is in the root folder and it does, and always has, works fine. My sub-domain site is in sub-folder /au, is not a Drupal site, just a vanilla php site. It always worked fine, until I replaced .htaccess, in the root folder, with the default Drupal .htaccess.

Now it doesn't get the ?pagetoprocess parameter.

If I delete .htaccess from the root folder, both sites work correctly.

There must be something in .htaccess that blocks the ?pagetoprocess parameter being passed to au/index.php ? I'll experiment with it til I find the offending line?

PurpleEdge’s picture

PurpleEdge commented

I found it is caused by...

php_value register_globals 0

I comment this line and my sub folder now processes requests correctly. I haven't investigated this property, what are the consequences of not setting this value to zero?

GN’s picture

GN commented

I would recommend you leaving Drupal's .htaccess file as is, and create a separate .htaccess file in your subdirectory/subdomain where you can enter whatever setting you wish, e.g.
php_flag register_globals on
if your scripts need Register_globals=ON

Heine’s picture

Heine commented

http://nl3.php.net/register_globals has backgrounds on register globals + some dangerous example code.

When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier.

--
Tips for posting to the forums

PurpleEdge’s picture

PurpleEdge commented

http://www.zend.com/zend/art/art-sweat4.php

I just needed to get the value passed from a global array, in my case adding...

$pagetocall = $GET['pagetocall'];

...retrieved the passed parameter and allows my site to be secure!

Always learning [g]