I tried to put the line: "php_flag register_globals off" in my .htaccess file so I could turn Register_Globals off, but when I did, this came up on my web site.



Does anyone know what's wrong?

Talk to your hosting company and tell them what you are trying to do.  They should be able to tell you want you need to do to turn RG off.

Hi..

Searching about the same problem i found a little tool to set the register_global in "Off" without rootaccess to my server.

The original post is in the forum of the joomla.de community.
http://www.joomlaportal.de/sicherheit/53461-register_globals-bei-1-1-a.html

I try to explain me in english.

What is this tool doing:
To setup register_global you have to place an php.ini file with the code "register_globals = off" in every directory that contains .php files in your website. If you do it manualy it will be a lot of work because Joomla! has so many directories inside.
Placing only one php.ini file in the Joomla! root the tool scan for folders with .php files in your site and adds syslinks pointing to the php.ini file in your root. Thats all... After this the register_global function is "OFF" and the security message isn't there anymore.
If you want to get back to your initial configuration you can remove all syslinks with the tool in the same way that you added the links.
After setting up the syslinks its higly recommendet to remove the tool for security reasons. Also this you can do with press a button inside the tool...
If you need to add new syslinks because you install new components or other you have to upload the tool again and rescan the folders. The tool adds the syslinks where needed. And remember to remove the tool after...

The two files attached has to be placed in the Joomla! root over FTP after point your Browser to your Joomla! root like this:
http://www.yourdomain.xx/configPHP.php and run the tool.

I tried this on two different providers with success. But i do not realy know what the tool is doing...(I'm not a coder)  Maybe some Server Guru can have a look to see if this tool is clean like it's seams and if this way is the right way to do it. The tecnical support from puretec.de (one of my hosters) told me that this is ok...

Regards

Bergmannn,

Here is what I have found out after searching through allot of forums and i hope this helps you and anyone else using 1and1.com

By default 1and1.com uses php 4.44 for backwards compatability. While this does allow many of their clients to continue using older php scripts it also leaves allot of security holes open that were fixed in php 5.

To solve this problem you can do 4 things, first copy a php.ini file into ever folder one at a time, second use a script to copy the php.ini file or create a link to that file like your script does. third you can change each and ever php file to use the .php5 extention.

The forth and best way  is to create a file at the root of your site called .htaccess. and put this one line in that file.




What this does is tells the apache server that 1and1 uses to the php 5 engine on all php files in the same directory and all sub directories that the .htaccess file resides in. This greatly inceases the security of your site because php 5 turns off the register globals option by default and fixes several other security holes that were in php 4.

For your convince I will also attach a htaccess file for you to download. just ftp the file to the root of your webspace and rename to .htaccess and your done.

Did you read my post ? I already solve the problem...

Poste removed by author

Hi, I followed the instructions, but I still have the message saying register_globals is on.
Any idea?

Php is runned as cgi

I used the script and that took care off my security flag.

Thank you...

Now to apply it to my other sites...

I've tried this with my hostgator hosting....all seems fine now. thks..for the solution