Well as this post was originally on english and i have two powerful reasons to no translate is lefted as in the original… apologies to the spanish readers:
Posted: Mon Feb 14, 2005 1:48 pm
Before i have complained about had to use register_globals & magic_quotes… as for we host several sites every one with his own virtualhost directive… as a friend of me suggested there is one way to not expose all your vhosts… to attack (as for some sites are using applications with exploits only affected/presented/exploitable with these variables ON).. I find the next solution, on my global php.ini had these values off… but in virtual host had this:
ServerName foo.foobar
DocumentRoot /var/www/claroline
ErrorLog /var/log/apache/claroline_error.log
CustomLog /var/log/apache/claroline_access.log combined
php_flag register_globals On
php_flag magic_quotes_gpc On
So only claroline and his directory is running with these variables turned on… also for i have see a lot of .inc en claroline, reading docs found:
Options None
Order Allow, Deny
Deny from All
AllowOverride None
Satisfy All
As I not enough saavy with httpd.conf don’t know how to apply only to the claroline directory (as i had not defined in these file… thing of put these inside
Reading from other sources…
Setting up a .htaccess file for testing
If you want to test your site with the register_globals setting on, you will need to create a .htaccess file in your site’s main directory (or the main directory of your site that contains PHP scripts). Your .htaccess file should contain the following line:
php_flag register_globals on
so i think same applies to magic_quotes….
And is a very nice way to do the work ;)
Regards
