Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix [Module usage questions]

11

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/13 19:14
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Make a file called eg info.php containing this code:


<?php phpinfo(); ?>

and place it in your XOOPS directory. When you run it, it will give you the correct status.
When you are done, delete it!

The art of asking questions.

12

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/13 20:05
GPboarder
Friend of XOOPS
Posts: 248
Since: 2006/10/6

Thanks.

Protector still indicates that it is on but the summary your file returns shows that it is off.

Optimism is the mother of disappointment.

13

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/14 8:05
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Could you repeat that test in /modules/protector?

The art of asking questions.

14

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/14 18:41
GPboarder
Friend of XOOPS
Posts: 248
Since: 2006/10/6

Yes,

I did notice that my site is running on PHP 4.4.4 whether that matters or not.

The Control Panel Homepage has a little red x beside register_globals.

Accessing phpinfo in the root folder indicates that register_globals is off.

Accessing phpinfo in the /modules/protector folder indicates that register_globals is "on" for both the Local value and the Master value.

Protector Security Advisor indicates that register_globals is "on".

This makes sense to me that Protector gets the same result. Now the question is whether there is something needing to be done about it?

Optimism is the mother of disappointment.

15

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/14 19:37
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

It seems you have a local php.ini in your root or something. If that is the case, it should be located in every directory with php files (see this thread for a solution with .htaccess).

The art of asking questions.

16

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/14 21:58
GPboarder
Friend of XOOPS
Posts: 248
Since: 2006/10/6

I hadn't noticed it before but there is a php.ini file in the root folder. All it says is register_globals = Off.

Is this the file to be copied to the directories?

I've read the .htaccess threads but don't understand that quite frankly. I'm not there yet.

Optimism is the mother of disappointment.

17

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/15 0:49
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Yes, but by having a .htaccess file with the


SetEnv PHPRC /path to your custom php.ini/

line in it, it should be no longer necesary to copy the php.ini file to all directories with executable php files. The path is corresponding to what is in your XOOPS_ROOT_PATH definition.

The art of asking questions.

18

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/1/15 21:19
GPboarder
Friend of XOOPS
Posts: 248
Since: 2006/10/6

Thanks.
I think I'm getting it now.
I found this information helpful for my level.

I've inquired with my host company to see if there are any issues with the use of .htaccess. Hopefully tomorrow this will all be sorted.

Optimism is the mother of disappointment.

19

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

2009/2/4 20:59
GPboarder
Friend of XOOPS
Posts: 248
Since: 2006/10/6

This is the reply from my host:

Please note that all of the php changes should be done by php.ini file and you can not use .htacess file for changing php parameters.

If I am understanding correctly, I need to copy the php.ini file to every directory that has any .php files.

Are there any areas where I should not place such a file?

Optimism is the mother of disappointment.

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Re: Protector 3.2 - Register Globals, url_fopen, Contaminations, Isolated Comments and Prefix

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}