Setting register_globals to OFF

I know that this is probably a very simple question. I had some server issues so my host reset my php.ini file to a default php.ini file. As a result, I'm now getting an error that says, "Configuration warning: register_globals is set to ON in your php.ini configuration file."

First, is there somewhere that I can download a php.ini file for Modx 2.0.06-pl2 with all of the correct settings already setup? If not, what do I need to do in my default php.ini file?

Thanks!

It depends on your server. You may be able to add a line to your .htaccess file, if it's using an Apache module for PHP



Be careful; you may also need to turn off magic_quotes_gpc, as this will cause extra / characters to be added to all quote marks in data saved to the database if it's on.

If you are using PHP as a CGI instead of an Apache module, you'll need to have a custom php.ini file in the site's root and the /manager directory with the necessary directive. The proper way to do this is to have a full copy of the default php.ini file with the desired changes added, but a file with just the required directives will do the job. Such a custom file needs to be in every folder that has a .php file that is run; MODx only actually runs two, the root index.php for the front-end and the index.php file in the /manager. All the rest of the MODx .php files are included by those two, so only those two directories need a custom php.ini file, unless you have custom AJAX scripts or something of the sort being run.

It's actually a very bad practice of your hosting to have either of these set to ON. They are being deprecated by PHP and most likely won't even exist in the next major version, since register_globals can cause security problems, and magic_quotes is not very good at adding any security, mostly only providing a false impression of doing so and otherwise just causing problems for properly written code that is secure.

Hey Susan,

Thank you for the explanation. I spoke with my host and I need to make the change within the php.ini file. So in this case, what should I do?

Thank you!

So I figured out how to change the php.ini file through the Modx interface, which I have now done for the files in the root folder and /manager. I'm still getting the error message though. Any other thoughts?

Thanks.

Hello,

Depending on your host configuration, you may need to add a custom php.ini file to every folder.

Also I would recommend using: www.tips-scripts.com/php_ini to generate the custom php.ini file as it uses your host's default as the base and applies your changes.

Who is the hosting provider?

I am using HostMonster.com. I recently had a bunch of issues that required restoring a back-up.

I observe the MODx Manager issuing a configuration warning as register_globals is On.

After putting this php.ini at the root of the website, I observed with phpinfo.php that the local value of register_globals had been correctly changed to Off.

After putting phpinfo.php inside the manager folder, I can confirm that the settings in php.ini were correctly transmitted from the root of the website to this subfolder.

The master value is still On. I assume this being normal, as the master value is probably thus set by the web hosting.

But some strange thing is that despite the local value should supersede the master value, the warning still displays in MODx, even if I empty MODx cache, as well as the browser cache.

Any idea?