> -----Original Message----- > From: Jim Cheetham [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 19, 2004 4:47 PM > To: [EMAIL PROTECTED] > Subject: Re: FATAL ERROR: register_globals is disabled in php.ini, > please enable it! > > > On Wed, 19 May 2004 16:31:52 +1200, Don Gould > <[EMAIL PROTECTED]> wrote: > > FATAL ERROR: register_globals is disabled in php.ini, > please enable it! > > Ok, I've edited the php.ini > What out-of-date code are you running this time?
http://www.oscommerce.com/ > register_globals ahould be off, and it should stay off. It is only > provided as a means of running legacy code. It introduces > huge security > vulnerabilities into PHP. > > If you find a project that *requires* register_globals, you > can be sure > that running it will leave you open to all sorts of > cross_site scripting > and authentication security problems. Hell, why not install > Matt's Script > Archives formmail.cgi instead? I wonder if I can turn it off again once the installation is completed. > > -jim, professional PHP-hater. Except for phpwiki ... :-) >
