MODx 1.0 - Configuration warning: register_globals [RESOLVED]

26 Posts

webarnes Reply #1, 14 years, 6 months ago

MODx 1.0

I get the following configuration error:

One or more configuration details didn’t check out OK:

Configuration warning: ’register_globals is set to ON in your php.ini configuration file’

What does this mean?
This configuration makes your site much more susceptible to Cross Site Scripting (XSS) attacks. You should speak to your host about what you can do to disable this setting.

____________________________________________________

I’ve searched everywhere and can not find any where that my register_globals are actually on.

I’ve opened my php.ini file and re-uploaded a dozen times.
When I view phpINFO.php it shows:
Directive Local Value Master Value
register_globals Off Off

The only .htacess file that I have uploaded is the one that comes with the packaged download.
I do not have any additional .htaccess rules included.

I am at a loss.
Has any one encountered this issue before?

Thanks in advance,
William

MODX Staff
2,502 Posts

Jay Gilmore Reply #2, 14 years, 6 months ago

I might first try to re upload the files or reinstall MODx. If register_globals is showing as yet php_info() shows it as off something is awry. My guess is there is an error in one of you application files somewhere.

Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. Blog ✦ Twitter ✦ LinkedIn ✦ GitHub

26 Posts

webarnes Reply #3, 14 years, 6 months ago

ok. I have phpINFO in the root of my server. The info I gave above was based on that information.

When I am in the manager panel / Reports / System Info - there is a different phpInfo with a view link.
When I click the view link I ge the following:

Directive Local Value Master Value
register_globals On On

__________________________________

Does this mean I am looking for a file in the manager folder?

I found the config_check.inc.php file.

Where does:

if (ini_get('register_globals')==TRUE) {
    $warningspresent = 1;
    $warnings[] = array($_lang['configcheck_register_globals']);
}

Get the php.INI file from?

If I can find the right file can change the register_globals to OFF.

Thanks,
William

☆ A M B ☆
24,524 Posts

sottwell Reply #4, 14 years, 6 months ago

There can be several php.ini files on your system; near the beginning of the phpinfo() view it should have a bunch of PHP configuration settings, including

Configuration File (php.ini) Path (mine says /opt/coolstack/php5/lib)

This will tell you where your actual working PHP is getting its ini file from.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

MODX Staff
2,502 Posts

Jay Gilmore Reply #5, 14 years, 6 months ago

Depending on your server, you may be able to disable register_globals from the .htaccess file in the webroot of your MODx install. If it doesn’t give a 500 error you should be good. Some suExec servers will require you to put a php.ini file in each directory you wish to turn off register_globals in. If as Susan points out, you are able to locate the controlling php.ini file for your webroot you should be able to turn it off there.

Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. Blog ✦ Twitter ✦ LinkedIn ✦ GitHub

26 Posts

webarnes Reply #6, 14 years, 6 months ago

WOOHOOO!!

Thanks everyone.
I transferred a copy of the php.ini into the assets and templates directories.

Problem resolved.

embarrassed

Just a tad bit on the embarrassing side!

Regards,
William