[Invalid]: Turning off the Register Globals Admin Message [Invalid]: Turning off the Register Globals Admin Message
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Invalid]: Turning off the Register Globals Admin Message

Started by Lasivian, March 24, 2010, 07:20:57 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Lasivian

March 24, 2010, 07:20:57 PM Last Edit: March 25, 2010, 07:26:21 AM by Joachim Müller
While i'm happy with the attempt to improve security, after 20 hours failing to turn off this setting with Dreamhost I finally gave in and just figured out how to strip the warning message. (I couldn't strip it without going to PHP5 on Dreamhost, and I have apps that need PHP4, so it's going to take more time than I have right now to do the changeover)

I suggest you try to turn off the setting first, but if that fails you can find the warning messages in /lang/english.php & /include/themes.inc.php and remove it.

Good luck.

Joachim Müller

#1
March 25, 2010, 07:26:11 AM
The warning message is only visible for you as an admin and therefore doesn't hurt if you leave it on permanently (as suggested in "[WARNING] : PHP setting register_globals should be disabled on your server") - your gallery's visitors won't get distracted. I find it hard to believe that even your webhost is not able to turn that off. On my webhosting I can even turn that on/off for each folder separately, so I could disable register_globals for the folder coppermine resides in and enable it for another folder where a badly-written application resides  that needs register_globals enabled. Not that I was using such an app on my actual webspace. If my webhost wouldn't turn that off for me I'd consider looking for another webhost who knows his way around.
Thanks for your readiness to share, but you're drawing the wrong conclusions: you mustn't edit include/themes.inc.php, under no circumstances. Instead, you should edit themes/yourtheme/theme.php instead, where you can accomplish exactly the same thing. Not very surprisingly, this has been discussed previously, so yours is just yet-another-well-meant-but-wrong posting. The actual solution is to turn that setting off and not just cowardly silencing the output. Anyway, if you must silence the output, edit themes/yourtheme/theme.php with a plain text editor (notepad.exe is fine) and add
Code Select
function adminmessages() {
    return;
}into a new line of it's own just before
Code Select
?>, but as suggested countless times already that's nonsense: you just decide to close your eyes if you disable the warning. Doing that is just silly. Marking your thread as "invalid".
Print
Go Up Pages1
User actions