On php flags

Well as this post was originally on english and i have two powerful reasons to no translate is lefted as in the original… apologies to the spanish readers:

Posted: Mon Feb 14, 2005 1:48 pm

Before i have complained about had to use register_globals & magic_quotes… as for we host several sites every one with his own virtualhost directive… as a friend of me suggested there is one way to not expose all your vhosts… to attack (as for some sites are using applications with exploits only affected/presented/exploitable with these variables ON).. I find the next solution, on my global php.ini had these values off… but in virtual host had this:

ServerName foo.foobar
DocumentRoot /var/www/claroline
ErrorLog /var/log/apache/claroline_error.log
CustomLog /var/log/apache/claroline_access.log combined
php_flag register_globals On
php_flag magic_quotes_gpc On

So only claroline and his directory is running with these variables turned on… also for i have see a lot of .inc en claroline, reading docs found:

Options None
Order Allow, Deny
Deny from All
AllowOverride None
Satisfy All

As I not enough saavy with httpd.conf don’t know how to apply only to the claroline directory (as i had not defined in these file… thing of put these inside ) any ideas are welcome… suggest and comments… required ;)

Reading from other sources…
Setting up a .htaccess file for testing

If you want to test your site with the register_globals setting on, you will need to create a .htaccess file in your site’s main directory (or the main directory of your site that contains PHP scripts). Your .htaccess file should contain the following line:

php_flag register_globals on

so i think same applies to magic_quotes….

And is a very nice way to do the work ;)


Esta entrada fue publicada en General. Guarda el enlace permanente.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.