11
Many people are hosted on systems that have register_globals On and don't have the ability to turn it off. If they are lucky they can use an .htaccess file.
I suggest you have at lest one .htaccess file in the XOOPS root dir with:
================
php_value register_globals 0
================
You can then us a phpinfo() file to verify the settings. A quick easy trick is to put a typo in .htaccess and see if you get an error page, then you know if .htaccess is being parsed. If you can't do either and the settings are insecure than I'd consider a new provider.
If you have a module that must use register_globals On and you're willing to risk it then place an .htaccess file in that module's dir with:
====================
php_value register_globals 1
====================
The value is only valid from that module's path and deeper.