Register Globals & PHP4

Using register_globals with PHP4

Customers using PHP4 with “Register_Globals” need to be aware of this!

This update is to notify all customers that we have disabled the PHP setting register_globals. As exploits that rely on this setting increase, we have made the change to make our servers more secure.

It’s now common for hosts to have register_globals switched off and script makers to use code that doesn’t rely on it. Customers who code their own PHP scripts should read the following, which details the security issues.

PHP Register Globals

We are still able to provide hosting for customers who may still need this enabled.

Anyone affected should see if an updated script is available that uses secure code and doesn’t require the setting to be on. If this is a custom script, we suggest altering the code to make it secure regarding register_globals.

If register_globals really needs to be “On,” you can do this by adding the following line to a .htaccess file in the public_html directory.

INSERT THIS INTO A .HTACCESS FILE: “php_value register_globals 1”

Any client making this change should be aware of the security risks. Also, be prepared to take responsibility should a script compromise occur due to the setting. Customers are asked only to make the setting when really vital and not carry out the change on each and every account when not required.

What is difference between php4 and php5?

PHP4 is powered by Zend Engine 1.0, while PHP5 is powered by Zend Engine II. Constructors have the same name as the Class name in PHP4 while we can declare Constructor as _construct and Destructor as _destruct() in PHP5.

PHP5 allows to declare a class as abstract while PHP4 not.

If you have any questions about Migrating to PHP5 then please do raise a support ticket or Contact us.