Tomas Kuliavas said: > php_flag register_globals off > > not php_value. register_globals is boolean.
Okay, that worked! Strange that when I used "php_value register_globals Off", phpinfo.php showed that the Local Value for register_globals did go "Off" so it appeared successful. > Your webhosting provider must > allow use of htaccess files in apache configuration. It does, and I use htaccess to override various values such as "php_value upload_max_filesize" to increase attachment size. > It is strongly recommended to run SquirrelMail and other PHP scripts with > register_globals turned off. Provider should turn globals only when > scripts are broken, don't work in rg=off and you can't fix those scripts. So, should I recommend that my web host turn register_globals off for the entire server? I'm all right now, as adding your line to my htaccess file has solved the issue for my SM install, but should I make my web host aware of this issue? > We are trying to prevent use of insecure SquirrelMail and PHP setups. Sounds prudent. :) Thanks Tomas! ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@lists.sourceforge.net List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
