Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Invalid]: Turning off the Register Globals Admin Message  (Read 2915 times)

0 Members and 1 Guest are viewing this topic.

Lasivian

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
[Invalid]: Turning off the Register Globals Admin Message
« on: March 24, 2010, 07:20:57 pm »
While i'm happy with the attempt to improve security, after 20 hours failing to turn off this setting with Dreamhost I finally gave in and just figured out how to strip the warning message. (I couldn't strip it without going to PHP5 on Dreamhost, and I have apps that need PHP4, so it's going to take more time than I have right now to do the changeover)

I suggest you try to turn off the setting first, but if that fails you can find the warning messages in /lang/english.php & /include/themes.inc.php and remove it.

Good luck.
« Last Edit: March 25, 2010, 07:26:21 am by Joachim Müller »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Turning off the Register Globals Admin Message
« Reply #1 on: March 25, 2010, 07:26:11 am »
The warning message is only visible for you as an admin and therefore doesn't hurt if you leave it on permanently (as suggested in "[WARNING] : PHP setting register_globals should be disabled on your server") - your gallery's visitors won't get distracted. I find it hard to believe that even your webhost is not able to turn that off. On my webhosting I can even turn that on/off for each folder separately, so I could disable register_globals for the folder coppermine resides in and enable it for another folder where a badly-written application resides  that needs register_globals enabled. Not that I was using such an app on my actual webspace. If my webhost wouldn't turn that off for me I'd consider looking for another webhost who knows his way around.
Thanks for your readiness to share, but you're drawing the wrong conclusions: you mustn't edit include/themes.inc.php, under no circumstances. Instead, you should edit themes/yourtheme/theme.php instead, where you can accomplish exactly the same thing. Not very surprisingly, this has been discussed previously, so yours is just yet-another-well-meant-but-wrong posting. The actual solution is to turn that setting off and not just cowardly silencing the output. Anyway, if you must silence the output, edit themes/yourtheme/theme.php with a plain text editor (notepad.exe is fine) and add
Code: [Select]
function adminmessages() {
    return;
}into a new line of it's own just before
Code: [Select]
?>, but as suggested countless times already that's nonsense: you just decide to close your eyes if you disable the warning. Doing that is just silly. Marking your thread as "invalid".
Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.02 seconds with 19 queries.