[geeklog-users] register_globals issues
Tony Bibbs
tony at tonybibbs.com
Fri Feb 7 12:23:18 EST 2003
On Fri, 7 Feb 2003 eyemovie at mac.com wrote:
> Esteemed Geekloggers:
>
> Thanks for your assistance with the previous most basic download/upload
> issues with putty ... no problem. You're great!
>
> Now ... remembering I'm at a government facility with permission to
> have a website provided I don't ask for help!
>
> I've gotten the website up, had to use 777 for the permissions,
> register_globals remains off and I am able to change the info for the
> admin and moderator ... but not submit, edit, or delete stories or
> users.
>
> Our IT department says that turning register_globals on is a security
> risk as clearly documented in the php.ini file, which I have read. My
> questions are:
>
> 1. Will turning register_globals on allow me to add/modify/delete
> stories/users?
YES
> 2. Is there an alternative to changing the php.ini file? I have
> seen/heard of information about changing the virtual hosts section and
> turning on php.ini for only the virtual host. I've also heard/seen
> about turning on register_globals in .htaccess ... which I have done,
> but obviously isn't having the affect wanted ... is there an
> alternative way?
AFAIK, most weblog packages and, in fact, my PHP programs are trying to
get around the fact that PHP not ships with register_globals set to Off by
default. Geeklog, like many, would have to touch literally every page in
countless places to bring it up to compliance and with the GL2 effort
going on it is not slated for 1.3.x to be compliant.
I doubt it works but try this. At the very top of lib-common.php just
before the include of config.php:
ini_set('register_globals', '1');
This will attempt to overrride what is in php.ini.
> 3. Lastly, if there is no alternative way ... I dare not ask the
> question ... but is there an alternative portal/weblogger you wold
> recommend with calendar and all the other good things of geeklog and
> the ability to post articles, etc. you could recommend ... for this you
> can reply privately to me at rdgATaol.com and place "geeklog" in the
> subject so I won't delete it automatically as spam.
Let's wait and see if the ini_set works before we do anything dumb like
that ;-)
>
> Thanks in advance for your help with this newbie.
>
> ; )
>
> _______________________________________________
> geeklog-users mailing list
> geeklog-users at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-users
>
--
------------------------------------------------------------------------|
Tony Bibbs | "I guess you have to remember that those who don't |
tony at tonybibbs.com | hunt or fish often see those of us who do as |
| harmlessly strange and sort of amusing. When you |
| think about it, that might be a fair assessment." |
| --Unknown |
------------------------------------------------------------------------|
More information about the geeklog-users
mailing list