Misreporting register_globals for PHP 5.5?
Posted: 11 Aug 2013, 16:12
I recently setup cPanel and built EasyApache with Apache 2.4.6 & PHP 5.5.1. After installing CSF v6.30 and running Check Server Security, "Check php for register_globals" is coming up as "WARNING".
I opened /usr/local/lib/php.ini and confirmed it contained the following lines:
I also ran "php -i", but "register_globals" is not shown anywhere in the output. Perhaps this is because PHP 5.5 has completely dropped support for register_globals?
--
Edit: Just had a look at the changelog and found a hint - for CSF v5.61 there is "Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report". Perhaps this feature should be extended to PHP 5.5.x as well?
I opened /usr/local/lib/php.ini and confirmed it contained the following lines:
Code: Select all
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = Off--
Edit: Just had a look at the changelog and found a hint - for CSF v5.61 there is "Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report". Perhaps this feature should be extended to PHP 5.5.x as well?
