After my server changed to phpsuexec, the protector module security advisor info is wrong. I used to have a .htaccess file that had in it the following lines
php_flag register_globals off
php_admin_flag allow_url_fopen off
php_flag session.use_trans_sid off
and the protector module worked fine, now I need a php.ini file with these lines
register_globals = Off
allow_url_fopen = Off
Now in the security advisory it says
'register_globals' : on Not secure
'allow_url_fopen' : on Not secure
'session.use_trans_sid' : on Not secure
If I check phpinfo on the site it says that they are all off.
Now my question, If the protector module doesn't recognize that these are off is the module working, or should I remove it or should I just ignore the security advisory page or is it a bug.
Thanks,
John
Perhaps, protector's advisory is correct.
Check it by inserting pnpinfo(); into protector/admin/advisory.php like this.
<?php
require_once( '../../../include/cp_header.php' ) ;
// beggining of Output
xoops_cp_header();
include( './mymenu.php' ) ;
// open table for ADVISORY
echo "<br />\n<div style='border: 2px solid #2F5376;padding:8px;width:95%;' class='bg4'>\n" ;
phpinfo(); // <- this line
How can this be, If I put it in like you said it shows them all on, but if I put it in a file in the sites root it shows them all off. Also if I put it in the modules folder it show them all on. I don't understand this, I will contact my host, do I need a php.ini file in every directory? That would be crazy.
Thanks,
John
It's your server's problem.
Perhaps the administrator does not have enough skills.
You'd better change the server
Maybe your php.ini file isn't in the correct place. The phpinfo() output will tell you which php.ini is being used.
Also see:
http://us2.php.net/configuration