admin/environment/custom check/php check register globals

Jump to: navigation, search

To disable register_globals on an Ubuntu/Debian running Apache (the 7.0 will vary depending on which version of PHP you're running, also if you're running nginx the path would be /etc/php/7.0/nginx/php,ini):

sudo nano /etc/php/7.0/apache/php.ini

Add the following at the bottom:

register_globals = Off

Save and close the file, then restart php:

systemctl restart php7.0-fpm.service

If you're running FastCGI you'll also want to make the same addition to /etc/php/7.0/fpm/php.ini

            • Previous post about this from someone is below*******

If register_globals is ON there are certain security risks so it should be turned off.

You can check the setting under the administration interface for server for your site.

Moodle will often give a very short description about how to change this if it is set to ON.

Here is an example from a hosted site:

I found a forum post on the Siteground site about this problem. They said that if one had php 5.1 that register_globals was ON by default and that under 5.1 a php.ini could NOT effect it. But that one can easily change the used php version with a suitable .htaccess file (for changing to php5.2):

AddHandler application/x-httpd-php52 .php .php5 .php4 .php3

in the public_html root that would influence other directories recursively. (One can also do it differently in different directories if one needs that.)

After doing that the register_globals was off.